Episode 67 - Data Flows After Brexit... For Now

Europe finds UK data privacy system adequate, for now. On June 28, 2021, the Europe Union granted two adequacy decisions to the United Kingdom for personal privacy purposes. 1. Decision on the adequate protection of personal data by the United Kingdom - General Data Protection Regulation 2. Decision on the adequate protection of personal data by the United Kingdom - Law Enforcement Directive This assures, for now, that data flows between the EU and UK can continue without restrictions. But for the first time, the EU’s decisions were not permanent and will last only four years. What’s going on? Because of Brexit, the UK and the EU reached a transition agreement at the end of 2020. This included six months for the UK and EU to reach an agreement about data privacy flows. The deadline approached, and the EU decision was made just in time (the UK had already issued its own adequacy decision regarding data going to the EU). Had it not been made, one estimate was that UK businesses would face immediate compliance costs of about 1.6 billion pounds, aside from other costs. So, UK businesses can rest easy – for a time. According to Kim Walker, a leading UK privacy attorney at the firm of Shakespeare Martineau (Kim Walker | Shakespeare Martineau (shma.co.uk), 11% of global data flows through the UK, and 70% of UK data flows through the EU. Why the last-minute timing and why the unusual temporary grant of an adequacy decision? The answer lies in the same surveillance issues that restrict data flows between the EU and the United States. Without a comprehensive and protective federal personal data privacy law, the United States is unlikely to receive an adequacy decision from the EU indefinitely. The EU is particularly skeptical of mass surveillance by U.S. authorities. The British mass surveillance system is not that different from the American approach to how and when public authorities can access private personal information. The EU is concerned that by granting adequacy to the UK, this could create a back door for the UK to grant unrestricted data flow to the United States, thus undermining Europe’s basic GDPR approach to restricting data flows that may disrupt the protections of personal privacy at the heart of GDPR. If you have ideas for more interviews or stories, please email info@thedataprivacydetective.com.
This podcast was created for general informational purposes only as of the time of its creation and does not constitute legal advice, the formation of an attorney client relationship, or a solicitation to provide legal services. The laws governing legal advertising in some states require the following statement in any publication of this kind: “THIS IS AN ADVERTISEMENT.” All rights reserved