Commission wants to ensure a flow of secure data between EU and UK
The privacy system that applies in Britain after the divorce has been thoroughly checkedEuropost , Brussels
The EU executive launched on Friday the process towards the adoption of two adequacy decisions for transfers of personal data to the United Kingdom, one under the General Data Protection Regulation and the other for the Law Enforcement Directive.
The publication of the draft decisions is the beginning of a process towards their adoption. This involves obtaining an opinion from the European Data Protection Board (EDPB) and the green light from a committee composed of representatives of the EU Member States.
Once this procedure will have been completed, the Commission could proceed to adopt the two adequacy decisions.
Assessing carefully over the past months the UK's law and practice on personal data protection, including the rules on access to data by public authorities, the Commission concludes that the UK ensures an essentially equivalent level of protection to the one guaranteed under the General Data Protection Regulation (GDPR) and, for the first time, under the Law Enforcement Directive (LED).
Ensuring free and safe flow of personal data is crucial for businesses and citizens on both sides of the Channel, Věra Jourová, Vice-President for Values and Transparency, commented noting that the UK has left the EU, but not the European privacy family.
“At the same time, we should ensure that our decision will stand the test of time. This is why we included clear and strict mechanisms in terms of both monitoring and review, suspension or withdrawal of such decisions, to address any problematic development of the UK system after the adequacy would be granted,” VP Jourová specified.
Didier Reynders, Commissioner for Justice, said that a flow of secure data between the EU and the UK is crucial to maintain close trade ties and cooperate effectively in the fight against crime.
Today we launch the process to achieve that, he pointed out adding that the Commission has thoroughly checked the privacy system that applies in the UK after it has left the EU.
As he stated, now European Data Protection Authorities will thoroughly examine the draft texts. He also urged that EU citizens' fundamental right to data protection must never be compromised when personal data travel across the Channel.
“The adequacy decisions, once adopted, would ensure just that,” Commissioner Reynders emphasised.
Compared to other non-EU countries where convergence is developed through the adequacy process between often divergent systems, EU law has shaped the UK's data protection regime for decades.
According to the Commission, it is essential that the adequacy findings are future proof now that the UK will no longer be bound by EU privacy rules.
Once these draft decisions are adopted they would be valid for a first period of four years. After four years, it would be possible to renew the adequacy finding if the level of protection in the UK would continue to be adequate.
Until then data flows between the European Economic Area and the UK continue and remain safe thanks to a conditional interim regime that expires on 30 June this year and was agreed in the EU-UK Trade and Cooperation Agreement.