NEWS29 June 2021

EU and UK data adequacy to expire in 2025

Brexit Europe GDPR News Privacy UK

EUROPE – The European Commission has introduced a four-year ‘sunset clause’ into data adequacy agreement with the UK and warned it could withdraw the agreement at any time if the UK fails to appropriately protect EU citizens’ data.

EU flags outside building

In a statement confirming the data adequacy agreement between the EU and the UK, Věra Jourová, vice-president for values and transparency at the European Commission, said that the EU had taken concerns from the EU parliament over aspects of the UK’s privacy framework into account when finalising the agreement.

The European Commission said that the adequacy agreement might be renewed after four years, but only if the UK maintains an “adequate level of data protection”. It is the first time the EU has used such a clause in an adequacy agreement.

“During these four years, the commission will continue to monitor the legal situation in the UK and could intervene at any point, if the UK deviates from the level of protection currently in place,” a statement from the commission said.

“Should the commission decide to renew the adequacy finding, the adoption process would start again.”

The data adequacy deal allows personal data to be freely transferred between the UK and EU and has been seen as vital for businesses operating across the two data protection regimes.

Earlier this month the EU parliament passed a motion calling on the commission to prevent bulk access of EU citizens’ data by the UK in any adequacy agreement.

This followed a European Data Protection Board request for UK bulk access practices, onward transfers and international agreements to be clarified further.

The UK’s data protection regime contains exemptions for national security and immigration, and also allows for bulk data to be accessed and retained without a person being under suspicion for perpetrating a crime, which the EU court has judged to be inconsistent with the General Data Protection Regulation.

The European Data Protection Board also feared that onward data transfers could happen due to the UK’s data-sharing agreements with the US.

Transfers of data for the purposes of UK immigration control are excluded from the scope of the adequacy agreement until data protection rights have been addressed by UK law following a recent court case.

Jourová said: “We have listened very carefully to the concerns expressed by the parliament, the member states and the European Data Protection Board, in particular on the possibility of future divergence from our standards in the UK’s privacy framework.

“We are talking here about a fundamental right of EU citizens that we have a duty to protect. This is why we have significant safeguards and if anything changes on the UK side, we will intervene.”

@RESEARCH LIVE

0 Comments