EU set to grant UK data adequacy status

The agreement ensuring data flows continue will be reviewed every four years and may be subject to legal challenges

The UK in red and the EU in blue as seen in a digitised map

The European Union (EU) is set to allow data to flow freely from its territories to the UK after finding that it has comparable data protection laws in place.

This decision, which has been drafted by the European Commission, should be approved imminently, according to the Financial Times (FT), and will prove a huge relief for businesses nervous about the potential disruption to data flows.

Withdrawal from the EU relegated the UK to ‘third country’ status, meaning that data transfers from the EU to the UK would be blocked by default. Only a formal adequacy agreement, which deems the UK as a secure third country, could restore flows.

As part of post-Brexit agreements, however, the EU and the UK arranged a six-month continuity period specifically to allow for time to consider the UK’s data adequacy status.

This agreement, expected to be announced this week, will be continuously reviewed by the EU and will be subject to legal challenges at the European Court of Justice, however.

This means that while the UK’s laws are deemed to be comparable to the EU’s at present, there are no guarantees it’ll retain this status in future should it tweak its laws and strike arrangements with other countries.

Related Resource

The IT Pro Podcast: Navigating Brexit data transfers

The transition period is over – what happens now?

The IT Pro Podcast: Navigating Brexit data transfers

Global director of privacy at Veritas Technologies, Mark Keddie, branded this a welcome step for businesses looking to manage their data across the UK and Europe.

“However,” he continued, “we would advise organisations not to become complacent as this stay of execution could be short-lived. 

“As with previous similar agreements, most recently the EU–US Privacy Shield and its predecessor Safe Harbor before, there is a distinct possibility that a Privacy NGO will in the near future bring a legal challenge in the European Court seeking to invalidate any UK data adequacy finding. 

“Those businesses that stay focused on maintaining robust data privacy controls and good data hygiene practices will be best suited to manage any future data shocks as the EU-UK relationship develops.”

Keddie was referring to the primary data transfer mechanism between the EU and the US, dubbed Privacy Shield, which was invalidated last year by the European Court of Justice, which deemed it incompatible with GDPR.

Privacy Shield, which was a replacement for the invalidated Safe Harbour Principles, was introduced in 2016 to solve the problem of sending data from the EU to the US given the latter’s relatively invasive surveillance laws.

European figures have hinted that the UK may risk not being granted data adequacy, or losing this status once it has been attained, should it pursue data transfer arrangements with the US. Terms of any agreement between the two nations, subject to examination, may not be compatible with GDPR, the European Data Protection Board (EDPB) warned last year.

The EU’s data adequacy agreement will be reviewed every four years, according to the FT, to ensure it doesn’t compromise the privacy of EU citizens, and will also allow for data transfers on law enforcement matters. 

Featured Resources

How to be an MSP: Seven steps to success

Building your business from the ground up

Download now

The smart buyer’s guide to flash

Find out whether flash storage is right for your business

Download now

How MSPs build outperforming sales teams

The definitive guide to sales

Download now

The business guide to ransomware

Everything you need to know to keep your company afloat

Download now

Recommended

Data breach exposes widespread fake reviews on Amazon
data breaches

Data breach exposes widespread fake reviews on Amazon

7 May 2021
Peloton security bug could expose user data
data protection

Peloton security bug could expose user data

6 May 2021
Tens of thousands of Pennsylvanians health data exposed following data breach
data protection

Tens of thousands of Pennsylvanians health data exposed following data breach

4 May 2021
Cost of a data breach report 2020
Whitepaper

Cost of a data breach report 2020

30 Apr 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021