David McAllister: Data Protection in the United Kingdom
31751
post-template-default,single,single-post,postid-31751,single-format-standard,cookies-not-set,et_divi_builder,qode-social-login-1.1.2,qode-restaurant-1.1.1,stockholm-core-1.0.5,tribe-no-js,page-template-stockholm,select-theme-ver-9.8,ajax_fade,page_not_loaded,vertical_menu_enabled,menu-animation-underline,side_area_uncovered,,qode_menu_,et-pb-theme-stockholm,et-db,wpb-js-composer js-comp-ver-7.5,vc_responsive
18. Mai 2021 In Aktuell, EN

David McAllister: Data Protection in the United Kingdom

The Adequate Protection of Personal Data by the United Kingdom

The United Kingdom remains a close partner of the European Union for effective police and judicial cooperation in the fight against serious crime and terrorism. The transitional arrangements on data protection of the Brexit agreement expire at the end of June. By then, the European Commission should adopt the so-called adequacy decisions under the General Data Protection Regulation (GDPR) and the Law Enforcement Directive (LED). This will provide legal certainty for businesses, prevent disruption and allow for data exchanges between law enforcement and judicial authorities to continue.

Without an adequacy decision, the transfer of personal data will become much more cumbersome, bureaucratic and expensive. It will hinder EU-UK trade and the fight against cross-border crime, and will be detrimental to Small and Medium-sized Enterprises (SMEs). To allow for the free flow of personal data from the EU to the UK to continue, I believe the European Commission should adopt the adequacy decisions.

Although both the EU and the UK clearly benefit from the free flow of data, the arrangement has to be conditional upon the UK’s respect for and compliance with EU data protection rules. It is only natural that the UK, until recently an EU Member State, has privacy laws in place with high levels of data protection. The UK adhered to the GDPR and the LED as a Member State and national replications of both laws remain in place after Brexit.

UK standards of data protection are essentially equivalent to EU standards. The UK laws “provide similar safeguards, individual rights, obligations for controllers and processors, rules on international transfers, a supervision system and redress avenues to those available under EU law”, according to the European Commission. To make sure that the level of data protection in the UK continues to equal that of the EU, it is important that the Commission closely monitors relevant developments in the UK and undertakes a thorough review before renewing its decisions in four years.