Netherlands raises concerns on UK data adequacy after EU database copying incident

The UK faces the challenge of convincing Europe that its post-Brexit data protection will be adequate

European Union Parliament Flags

The Netherlands has refused to share criminal convictions data after the UK copied an EU database, sparking concerns whether Britain will be able to win access to European data after Brexit. 

Post Brexit, data flows between the EU and UK will fall to what's known as an adequacy decision. If the European Commission agrees that a non-EU country's data protections are adequate, it can approve the transfer and storage of European citizens' data via that country. With the UK exiting the EU, it will need such approval. 

However, at least two EU countries have raised concerns about British data standards, according to a report in the Guardian. A board meeting record seen by the newspaper reveals opposition from France and the Netherlands to sharing criminal convictions data with the UK, though each country had different motivations. 

“France are currently not engaging for political reasons, and Holland will not engage due to concerns around the UK’s data adequacy status,” the document reveals, according to the report. 

In a statement to the Guardian, the Home Office noted that the discussions in the report were relevant only for a no-deal Brexit. Under the withdrawal agreement now in place for Brexit, the UK will have a transition period until the end of 2020, during which current EU rules will continue to apply, meaning data flows won't be immediately impacted. 

Related Resource

Your guide to overcoming Brexit's data management challenges

Understand Brexit and the data law modifications it may cause

Download now

However, over those 11 months, the UK must negotiate a new agreement. If nothing is agreed by the end of 2020, Britain and its companies will need additional contracts and agreements in place to handle European data. 

This is where an adequacy agreement comes into play. If Britain is deemed "adequate", it will be allowed to handle data just as though it was still an EU country. The European Commission has adequacy agreements with countries including Israel, Canada, and the Isle of Man, as well as the US, though is limited by the Privacy Shield rules. 

While the meeting may have happened when a no-deal Brexit seemed likely, the UK will still face challenges agreeing on an adequacy deal if EU countries dispute its data protection abilities. 

The Dutch government said in a statement to The Guardian that it was concerned about one breach in particular, the illegal copying of the Schengen Information System (SIS) criminal database by British officials, which sparked a complaint from a Dutch MP who accused Britain of "behaving like cowboys".

A Dutch government spokesman told the newspaper that trust was necessary, but suggested it wouldn't necessarily block the UK from an adequacy decision: "The SIS case only serves to underline this. Given its ambitions the Netherlands actively supports the commission’s approach to achieve an adequacy decision with the UK on data protection in the field of security cooperation."

Featured Resources

2021 Thales cloud security study

The challenges of cloud data protection and access management in a hybrid and multi cloud world

Free download

IDC agility assessment

The competitive advantage in adaptability

Free Download

Digital transformation insights from CIOs for CIOs

Transformation pilotes, co-pilots, and engineers

Free download

What ITDMs did next - and what they should be doing now

Enable continued collaboration and communication for hybrid workers

Most Popular

Microsoft seizes domains used by Chinese hacking group
cyber attacks

Microsoft seizes domains used by Chinese hacking group

7 Dec 2021
Australia film archive gets $41.9 million to digitise audiovisual heritage

Australia film archive gets $41.9 million to digitise audiovisual heritage

6 Dec 2021
VMware Cloud workload migration tools

VMware Cloud workload migration tools

3 Dec 2021