The Dutch Data Protection Authority believes that personal data in the UK will also be well protected after Brexit. At the same time, you are concerned and afraid that data from Europeans will be transferred from the UK to countries where data protection is less regulated. The European Data Protection Board (EDPB), the umbrella organization in which all national supervisors are united, calls on the European Commission to act.
This stems from two opinions published this week by the EDPB, the Personal data authority in a press release.
Well organized personal data protection in the UK
The United Kingdom definitively left the European Union on December 31, 2020. Since then, the country is no longer subject to the General Data Protection Regulation (GDPR) and other European privacy laws. Therefore, European companies cannot simply transfer personal data from Europeans to UK companies.
However, the personal data of European citizens is well protected if transferred to the UK, according to the Dutch Data Protection Authority. That’s because the UK has copied European privacy laws – the GDPR and the Police and Justice Directive. Thus, the data protection system in the UK is very similar to that of the EU.
The European Commission prepares two adequacy decisions
At the same time, the EDPB is concerned. The umbrella organization fears that the UK will be used as a springboard to transfer the personal data of European citizens to countries where data protection is less good. Like the United States. The EDPB has asked the European Commission for clarification on this point.
The European Commission has proposed two of the so-called adequacy decisions to again allow transfers of personal data to the UK. An adequacy decision is a decision in which the EU executive board determines that a country has an adequate level of personal data protection. This means that there are no objections to companies operating in EU Member States transferring personal data to the UK.
The button has not yet been cut
The adequacy decisions of the European Commission are valid for a period of four years. If the UK decides to take interim measures that lower the level of protection for European citizens, the Commission cannot intervene. The EDPB asks the European Commission to make interim adjustments, if necessary.
The Dutch Data Protection Authority says the European Commission is obliged to seek advice from the EDPB to make adequacy decisions. However, you are not required to follow these tips. It is unknown when the European Commission will decide whether adequacy decisions will be made or whether European companies will be able to transfer personal data to UK companies.
This is how the exchange of personal data is organized after July 1
At the moment, the British are benefiting from a transitional agreement for the issuance of personal data. This means that the “old” and well-known European privacy rules are in force. This period runs until the end of April. The transition period can be extended for another two months, but this requires the approval of the EU and the UK.
The Dutch Data Protection Authority recently wrote about how the transfer of personal data to the UK is organized after July 1, 2021. In essence, if the European Commission does not make an adequacy decision before the end of June, the UK Kingdom will be considered a non-EU country. Then personal data can only be exchanged if the country in question has an “adequate level of protection”. You can read it all in our article ‘This is how the exchange of personal data is regulated in the Brexit agreement’.
“Professional food trailblazer. Devoted communicator. Friendly writer. Avid problem solver. Tv aficionado. Lifelong social media fanatic.”