Netherlands raises concerns on UK data adequacy after EU database copying incident

The UK faces the challenge of convincing Europe that its post-Brexit data protection will be adequate

European Union Parliament Flags

The Netherlands has refused to share criminal convictions data after the UK copied an EU database, sparking concerns whether Britain will be able to win access to European data after Brexit. 

Post Brexit, data flows between the EU and UK will fall to what's known as an adequacy decision. If the European Commission agrees that a non-EU country's data protections are adequate, it can approve the transfer and storage of European citizens' data via that country. With the UK exiting the EU, it will need such approval. 

However, at least two EU countries have raised concerns about British data standards, according to a report in the Guardian. A board meeting record seen by the newspaper reveals opposition from France and the Netherlands to sharing criminal convictions data with the UK, though each country had different motivations. 

“France are currently not engaging for political reasons, and Holland will not engage due to concerns around the UK’s data adequacy status,” the document reveals, according to the report. 

In a statement to the Guardian, the Home Office noted that the discussions in the report were relevant only for a no-deal Brexit. Under the withdrawal agreement now in place for Brexit, the UK will have a transition period until the end of 2020, during which current EU rules will continue to apply, meaning data flows won't be immediately impacted. 

Related Resource

Your guide to overcoming Brexit's data management challenges

Understand Brexit and the data law modifications it may cause

Download now

However, over those 11 months, the UK must negotiate a new agreement. If nothing is agreed by the end of 2020, Britain and its companies will need additional contracts and agreements in place to handle European data. 

This is where an adequacy agreement comes into play. If Britain is deemed "adequate", it will be allowed to handle data just as though it was still an EU country. The European Commission has adequacy agreements with countries including Israel, Canada, and the Isle of Man, as well as the US, though is limited by the Privacy Shield rules. 

While the meeting may have happened when a no-deal Brexit seemed likely, the UK will still face challenges agreeing on an adequacy deal if EU countries dispute its data protection abilities. 

The Dutch government said in a statement to The Guardian that it was concerned about one breach in particular, the illegal copying of the Schengen Information System (SIS) criminal database by British officials, which sparked a complaint from a Dutch MP who accused Britain of "behaving like cowboys".

A Dutch government spokesman told the newspaper that trust was necessary, but suggested it wouldn't necessarily block the UK from an adequacy decision: "The SIS case only serves to underline this. Given its ambitions the Netherlands actively supports the commission’s approach to achieve an adequacy decision with the UK on data protection in the field of security cooperation."

Featured Resources

Become a digital service provider

How to transform your business from network core to edge

Download now

Optimal business results with the cloud

Evaluating the best approaches to hybrid cloud adoption

Download now

Virtualisation that enables choices, not compromises

Harness the virtualisation technology that's right for your hybrid infrastructure

Download now

Email security threat report 2020

Four key trends from spear fishing to credentials theft

Download now

Recommended

Misconfigured Git servers lead to Nissan data leak
hacking

Misconfigured Git servers lead to Nissan data leak

7 Jan 2021
BackupAssist teams with Wasabi to offer cheaper backup for businesses
backup

BackupAssist teams with Wasabi to offer cheaper backup for businesses

6 Jan 2021
Data: A resource much too valuable to leave unprotected
Whitepaper

Data: A resource much too valuable to leave unprotected

2 Dec 2020
Webhose and Signal Corp boost data breach detection
Security

Webhose and Signal Corp boost data breach detection

7 Oct 2020

Most Popular

How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
The fate of Parler exposes the reality of deregulated social media
Policy & legislation

The fate of Parler exposes the reality of deregulated social media

14 Jan 2021
Should IT departments to call time on WhatsApp?
communications

Should IT departments to call time on WhatsApp?

15 Jan 2021