EU set to grant UK data adequacy status

The agreement ensuring data flows continue will be reviewed every four years and may be subject to legal challenges

The UK in red and the EU in blue as seen in a digitised map

The European Union (EU) is set to allow data to flow freely from its territories to the UK after finding that it has comparable data protection laws in place.

This decision, which has been drafted by the European Commission, should be approved imminently, according to the Financial Times (FT), and will prove a huge relief for businesses nervous about the potential disruption to data flows.

Withdrawal from the EU relegated the UK to ‘third country’ status, meaning that data transfers from the EU to the UK would be blocked by default. Only a formal adequacy agreement, which deems the UK as a secure third country, could restore flows.

As part of post-Brexit agreements, however, the EU and the UK arranged a six-month continuity period specifically to allow for time to consider the UK’s data adequacy status.

This agreement, expected to be announced this week, will be continuously reviewed by the EU and will be subject to legal challenges at the European Court of Justice, however.

This means that while the UK’s laws are deemed to be comparable to the EU’s at present, there are no guarantees it’ll retain this status in future should it tweak its laws and strike arrangements with other countries.

Related Resource

The IT Pro Podcast: Navigating Brexit data transfers

The transition period is over – what happens now?

Global director of privacy at Veritas Technologies, Mark Keddie, branded this a welcome step for businesses looking to manage their data across the UK and Europe.

“However,” he continued, “we would advise organisations not to become complacent as this stay of execution could be short-lived. 

“As with previous similar agreements, most recently the EU–US Privacy Shield and its predecessor Safe Harbor before, there is a distinct possibility that a Privacy NGO will in the near future bring a legal challenge in the European Court seeking to invalidate any UK data adequacy finding. 

“Those businesses that stay focused on maintaining robust data privacy controls and good data hygiene practices will be best suited to manage any future data shocks as the EU-UK relationship develops.”

Keddie was referring to the primary data transfer mechanism between the EU and the US, dubbed Privacy Shield, which was invalidated last year by the European Court of Justice, which deemed it incompatible with GDPR.

Privacy Shield, which was a replacement for the invalidated Safe Harbour Principles, was introduced in 2016 to solve the problem of sending data from the EU to the US given the latter’s relatively invasive surveillance laws.

European figures have hinted that the UK may risk not being granted data adequacy, or losing this status once it has been attained, should it pursue data transfer arrangements with the US. Terms of any agreement between the two nations, subject to examination, may not be compatible with GDPR, the European Data Protection Board (EDPB) warned last year.

The EU’s data adequacy agreement will be reviewed every four years, according to the FT, to ensure it doesn’t compromise the privacy of EU citizens, and will also allow for data transfers on law enforcement matters. 

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

Four tips for keeping your business secure during mass remote work
data protection

Four tips for keeping your business secure during mass remote work

19 Feb 2021
Cost of a data breach report 2020
Whitepaper

Cost of a data breach report 2020

2 Feb 2021
10 ways to protect your company from the next big data breach
data breaches

10 ways to protect your company from the next big data breach

28 Jan 2021
Misconfigured Git servers lead to Nissan data leak
hacking

Misconfigured Git servers lead to Nissan data leak

7 Jan 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021
How to connect one, two or more monitors to your laptop
Laptops

How to connect one, two or more monitors to your laptop

25 Feb 2021
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

26 Feb 2021