EU set to grant UK data adequacy status

The agreement ensuring data flows continue will be reviewed every four years and may be subject to legal challenges

The European Union (EU) is set to allow data to flow freely from its territories to the UK after finding that it has comparable data protection laws in place.

This decision, which has been drafted by the European Commission, should be approved imminently, according to the Financial Times (FT), and will prove a huge relief for businesses nervous about the potential disruption to data flows.

Withdrawal from the EU relegated the UK to ‘third country’ status, meaning that data transfers from the EU to the UK would be blocked by default. Only a formal adequacy agreement, which deems the UK as a secure third country, could restore flows.

As part of post-Brexit agreements, however, the EU and the UK arranged a six-month continuity period specifically to allow for time to consider the UK’s data adequacy status.

This agreement, expected to be announced this week, will be continuously reviewed by the EU and will be subject to legal challenges at the European Court of Justice, however.

This means that while the UK’s laws are deemed to be comparable to the EU’s at present, there are no guarantees it’ll retain this status in future should it tweak its laws and strike arrangements with other countries.

Related Resource

The IT Pro Podcast: Navigating Brexit data transfers

The transition period is over – what happens now?

The IT Pro Podcast: Navigating Brexit data transfers

Global director of privacy at Veritas Technologies, Mark Keddie, branded this a welcome step for businesses looking to manage their data across the UK and Europe.

“However,” he continued, “we would advise organisations not to become complacent as this stay of execution could be short-lived. 

“As with previous similar agreements, most recently the EU–US Privacy Shield and its predecessor Safe Harbor before, there is a distinct possibility that a Privacy NGO will in the near future bring a legal challenge in the European Court seeking to invalidate any UK data adequacy finding. 

“Those businesses that stay focused on maintaining robust data privacy controls and good data hygiene practices will be best suited to manage any future data shocks as the EU-UK relationship develops.”

Keddie was referring to the primary data transfer mechanism between the EU and the US, dubbed Privacy Shield, which was invalidated last year by the European Court of Justice, which deemed it incompatible with GDPR.

Privacy Shield, which was a replacement for the invalidated Safe Harbour Principles, was introduced in 2016 to solve the problem of sending data from the EU to the US given the latter’s relatively invasive surveillance laws.

European figures have hinted that the UK may risk not being granted data adequacy, or losing this status once it has been attained, should it pursue data transfer arrangements with the US. Terms of any agreement between the two nations, subject to examination, may not be compatible with GDPR, the European Data Protection Board (EDPB) warned last year.

The EU’s data adequacy agreement will be reviewed every four years, according to the FT, to ensure it doesn’t compromise the privacy of EU citizens, and will also allow for data transfers on law enforcement matters. 

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Most Popular

The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021