Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
By Ali Qassim
The U.K. should seek privacy adequacy approval from the European Union to allow easier data transfers to continue after Brexit or businesses will be at a “competitive disadvantage,” U.K. lawmakers recently said.
After it officially leaves the EU at the end of March 2019, the U.K. will be treated like other non-EU countries that seek ways to lawfully transfer data from EU member countries—which will stand at 27 after the U.K.'s departure. Obtaining an official European Commission finding that the U.K.'s privacy regime is adequate to protect the privacy of EU citizens’ personal data is critical to maintain effective data transfers in a digital economy, according to a July 18 report from the House of Lords EU Committee.
The report said that three-quarters of data transfers by U.K. companies are with EU countries. If the government fails to secure an adequacy decision, “it could present a non-tariff barrier to trade, particularly in services, putting companies operating out of the UK at a competitive disadvantage,” the House of Lords report said.
The House of Lords committee highlighted its concern “by the lack of detail” on how the government plans to maintain “unhindered” data flows post-Brexit, as well as by its “non-committal” approach to whether it plans “to seek an adequacy decision.”
Ruth Boardman, a data protection partner at London-based firm Bird & Bird, told Bloomberg BNA that the EU’s new General Data Protection Regulation complicates the post-Brexit privacy analysis. U.K. companies that conduct business in the EU will have to comply with the EU’s new privacy regime when it takes effect in May 2018, but that doesn’t mean the U.K. should rush to change its privacy laws to meet GDPR obligations, she said.
“Significant change will just add uncertainty and cost—and will damage attempts for the UK to secure an adequacy decision,” she said.
Jan Philipp Albrecht, a German Green lawmaker and vice-chairman of the European Parliament’s Civil Liberties, Justice and Home Affairs Committee (LIBE), said at a July 19 Brookings Institution event in Washington that gaining adequacy approval is difficult, and that recent changes in the U.K. to allow the government easier access to consumer data won’t make the task any easier.
A U.K. Department for Digital, Culture, Media and Sport spokesman told Bloomberg BNA July 19 that the government “is considering all the options” to ensure that the U.K.'s data protection regime “continues to build a culture of data confidence and trust” and ”supports businesses in the global economy.“
The House of Lords panel advised businesses to continue to prepare for the upcoming GDPR, even if the government doesn’t “pursue full regulatory equivalence in the form of an adequacy decision” with the EU.
The committee said that those that hoped for a “clean break” from the EU won’t realize that goal. Since U.K. businesses will have to abide by the GDPR, it must follow “legal controls placed by the EU on transfers of personal data outside its territory,” it said.
Boardman agreed that companies need to take “significant steps to be GDPR-ready,“ adding that many have already started their preparations. “Post Brexit, UK businesses who also operate in, or sell to, the EU, will have to comply with GDPR for that portion of their business,” she said.
U.K.-based companies also need to prepare for cross-border data transfers with the U.S., given that the EU-U.S. Privacy Shield program will cease to apply to the U.K. post- Brexit, the House of Lords committee said.
The Privacy Shield program is used to more easily transfer data out of the EU by over 2,100 U.S. companies, including Facebook Inc., Alphabet Inc.'s Google, and Microsoft Corp., that certify to the Department of Commerce their compliance with EU-approved privacy principles. Limiting U.S. government access to data once it is moved to the U.S. is a fundamental basis underlying the EU’s approval of the system.
Rosemary Jay, privacy and data protection senior consultant attorney at Hunton & Williams in London and who appeared before the committee, said that the U.K. may be able to follow in Switzerland’s footsteps to effectuate cross-border data transfers with the U.S. Switzerland, as a non-EU member, offered a “possible model” for the U.K. to follow, she said.
“Switzerland has an adequacy finding, so it is regarded as equivalent and adequate, and then it has a mirror of the Privacy Shield agreement with the US,” she told the committee.
To contact the reporter on this story: Ali Qassim in London at firstname.lastname@example.org
To contact the editor responsible for this story: Donald Aplin at email@example.com
Text of the House of Lords report is available at http://src.bna.com/qUH.
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)