Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
By Ali Qassim
The U.K.'s statement that it will adopt the European Union’s new privacy regime means it will need to secure the bloc’s approval that its privacy laws are strong enough to safeguard personal data, privacy and security attorneys told Bloomberg BNA Feb. 2.
The U.K.’s Digital Minister Matt Hancock told Parliament Feb. 1 that, regardless of the U.K.’s eventual exit from the trade bloc, it would reform its privacy laws by May 2018 to comply with the EU’s new General Data Protection Regulation. The U.K. “will be treated as a third party once it’s no longer in the EU” without the right to receive EU personal data unless the bloc grants a privacy-adequacy decision, Hancock said. There aren’t any planned alternatives to ensure the free movement of personal data between the U.K. and the other 27 EU countries, he said.
The GDPR is an “important part” of “securing the unhindered flow of data between the U.K. and the EU post Brexit,” Hancock told the House of Lords EU Home Affairs Sub-committee during a Feb. 1 evidence session on the U.K.’s Data Protection Package.
Hancock spoke at a Parliamentary hearing in advance of the U.K.’s Feb. 2 release of a Brexit White Paper outlining the government’s plans for exiting the EU and removing itself from the jurisdiction of the European Court of Justice (ECJ).
Vin Bange, partner and head of the data protection team at London-based law firm Taylor Wessing LLP, told Bloomberg BNA Feb. 2 that “against the uncertainty of not knowing” what “the future relationship with Europe will look like, it is almost inevitable that the EC will be pushed to consider whether the UK provides for a data protection regime which is ‘adequate’” or “provides an equivalent level of data protection to the EU.”
A European Commission-issued adequacy decision “of the type already issued for a select number of countries would allow for the free movement of personal data to the UK from Europe without the need for taking further steps to put tools of legitimization in place,” he said.
Eduardo Ustaran, a partner in the global privacy and cybersecurity practice of Hogan Lovells LLP in London, agreed that “the wisest move would be for the U.K. to apply for some form of ‘automatic adequacy’ for transfers of data originating from the EU post-Brexit.”
“This would be justifiable on the basis that both data protection frameworks would be identical, which will be a logical thing to argue if the UK implements the GDPR,” he told Bloomberg BNA Feb. 2.
The EU-U.S. Privacy Shield data transfer program allows U.S. companies that self-certify their compliance with EU-approved privacy and security principles with the U.S. Department of Commerce to legally transfer personal data from the EU to the U.S. The Privacy Shield is relied upon by over 1,000 companies, including Alphabet Inc.'s Google, Microsoft Corp. and Facebook Inc.
The Privacy Shield rests on a privacy adequacy decision from the EC.
Bange said that any post-Brexit data protection regime is likely to include a “toolkit that is not too dissimilar to that already provided under current EU based data protection laws, so something similar to the EU-U.S. Privacy Shield would seem like a more familiar fit for EU countries and how they view adequacy for data passing through the U.K.”
A spokeswoman for the U.K. privacy regulator, the Information Commissioner’s Office, declined comment Feb. 2 on future prospects for the U.K.’s data transfer arrangements with the EU.
To contact the reporter on this story: Ali Qassim in London at firstname.lastname@example.org
To contact the editor responsible for this story: Donald G. Aplin at email@example.com
The Brexit white paper is available at http://src.bna.com/lWh.
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)