Netherlands raises concerns on UK data adequacy after EU database copying incident

The UK faces the challenge of convincing Europe that its post-Brexit data protection will be adequate

European Union Parliament Flags

The Netherlands has refused to share criminal convictions data after the UK copied an EU database, sparking concerns whether Britain will be able to win access to European data after Brexit. 

Post Brexit, data flows between the EU and UK will fall to what's known as an adequacy decision. If the European Commission agrees that a non-EU country's data protections are adequate, it can approve the transfer and storage of European citizens' data via that country. With the UK exiting the EU, it will need such approval. 

However, at least two EU countries have raised concerns about British data standards, according to a report in the Guardian. A board meeting record seen by the newspaper reveals opposition from France and the Netherlands to sharing criminal convictions data with the UK, though each country had different motivations. 

“France are currently not engaging for political reasons, and Holland will not engage due to concerns around the UK’s data adequacy status,” the document reveals, according to the report. 

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

In a statement to the Guardian, the Home Office noted that the discussions in the report were relevant only for a no-deal Brexit. Under the withdrawal agreement now in place for Brexit, the UK will have a transition period until the end of 2020, during which current EU rules will continue to apply, meaning data flows won't be immediately impacted. 

Related Resource

Your guide to overcoming Brexit's data management challenges

Understand Brexit and the data law modifications it may cause

Download now

However, over those 11 months, the UK must negotiate a new agreement. If nothing is agreed by the end of 2020, Britain and its companies will need additional contracts and agreements in place to handle European data. 

This is where an adequacy agreement comes into play. If Britain is deemed "adequate", it will be allowed to handle data just as though it was still an EU country. The European Commission has adequacy agreements with countries including Israel, Canada, and the Isle of Man, as well as the US, though is limited by the Privacy Shield rules. 

While the meeting may have happened when a no-deal Brexit seemed likely, the UK will still face challenges agreeing on an adequacy deal if EU countries dispute its data protection abilities. 

The Dutch government said in a statement to The Guardian that it was concerned about one breach in particular, the illegal copying of the Schengen Information System (SIS) criminal database by British officials, which sparked a complaint from a Dutch MP who accused Britain of "behaving like cowboys".

A Dutch government spokesman told the newspaper that trust was necessary, but suggested it wouldn't necessarily block the UK from an adequacy decision: "The SIS case only serves to underline this. Given its ambitions the Netherlands actively supports the commission’s approach to achieve an adequacy decision with the UK on data protection in the field of security cooperation."

Featured Resources

Digital Risk Report 2020

A global view into the impact of digital transformation on risk and security management

Download now

6 ways your business could suffer if you don’t backup Office 365

Office 365 makes it easy to lose valuable data regularly, unpredictably, unintentionally, and for good

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now

8 digital best practices for IT professionals

Don't leave anything to chance when going digital

Download now
Advertisement

Recommended

Visit/policy-legislation/general-data-protection-regulation-gdpr/354842/irish-data-regulator-racks-up
General Data Protection Regulation (GDPR)

Irish data regulator racks up GDPR cases against Big Tech

24 Feb 2020
Visit/data-insights/data-management/354423/eu-us-data-transfer-tools-used-by-facebook-ruled-legal
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019
Visit/backup/33385/arcserve-udp-9240dr-review-beef-up-your-backups
backup

Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020
Visit/security/34616/the-top-ten-password-cracking-techniques-used-by-hackers
Security

The top ten password-cracking techniques used by hackers

10 Feb 2020
Visit/software/linux/354831/microsoft-to-add-defender-antivirus-software-to-linux-ios-and-android
Linux

Microsoft to add Defender antivirus software to Linux, iOS and Android

21 Feb 2020