The Dutch Data Protection Authority believes that personal data in the UK will also be well protected after Brexit. At the same time, he is worried and worried that data from Europe will be transferred from the UK to countries where data protection is not well regulated. The European Data Protection Council (EDPB), the umbrella organization where all national watchdogs come together, called on the European Commission to act.
This can be seen from the two opinions published by the EDPB this week, namely Personal Data Authority in a press release.
Personal data protection in the UK is well organized
The UK permanently left the European Union on December 31, 2020. Since then, the country is no longer bound by the General Data Protection Regulation (GDPR) and other European privacy laws. Therefore, European companies are not allowed to simply transfer personal data of Europeans to companies in the UK.
However, personal data of European citizens is well protected when transferred to the UK, according to the Dutch Data Protection Authority. That’s because the UK has copied European privacy laws: the GDPR and the Police and Justice Directive. Thus, the data protection system in the UK is very similar to that of the European Union.
European Commission prepares two adequacy decisions
At the same time, the EDPB is concerned. The umbrella organization is concerned that the UK will be used as a springboard to transfer personal data of European citizens to countries where data protection is poor. Like the United States. The EDPB has asked the European Commission for clarification on this matter.
The European Commission has proposed two so-called adequacy decisions to allow the transfer of personal data to the UK again. A adequacy decision is a decision by which the EU executive board determines that a country has an adequate level of protection for personal data. This means that there are no objections for companies operating in EU Member States to transfer personal data to the United Kingdom.
Button not cropped
The European Commission adequacy decision is valid for a period of four years. If the UK decides to take temporary measures that lower the level of protection for European citizens, the Commission cannot intervene. The EDPB asks the European Commission to make temporary adjustments, if necessary.
The Dutch Data Protection Authority said that the European Commission was obliged to seek advice from the EDPB for an adequate decision. However, he is under no obligation to follow this advice. It is not known when the European Commission will decide whether the adequacy decision will be adopted, or whether European companies can transfer personal data to companies in the UK.
This is how the exchange of personal data is arranged after July 1
Currently, the UK is benefiting from transitional arrangements for the publication of personal data. This means that the famous ‘old’ European privacy rules apply. This period lasts until the end of April. The transition period can be extended for another two months, but this requires approval from the EU and UK.
The Dutch Data Protection Authority recently wrote about how the transfer of personal data to the United Kingdom after 1 July 2021 is regulated. In essence, if the European Commission does not take an adequate decision before the end of June, the UK will be considered a non-EU country. Then personal data can only be exchanged if the country concerned has an ‘adequate level of protection’. You can read them all in our article ‘This is how the exchange of personal data is regulated in the Brexit deal’.
“Incurable alcohol fan. Proud web practitioner. Wannabe gamer. Music buff. Explorer.”