Data, Technology

Brexit: the EU data protection package

The House of Lords EU Home Affairs sub-committee has issued a detailed report reviewing the implications of Brexit for the EU data protection package (comprising the General Data Protection Regulation (GDPR), the Police and Criminal Justice Directive, the EU-US Privacy Shield and the EU-US Umbrella Agreement). Whilst the Government has said that it wants to secure unhindered and uninterrupted flows of data between the UK and EU post-Brexit, the report notes the striking ‘lack of detail in the Government’s assurances’. Given that failure to reach an acceptable arrangement will lead to potential barriers to trade, the report identifies a number of issues and recommendations:

  • The most effective way to achieve the objective of unhindered flows of data is to secure adequacy decisions from the European Commission which confirm that the UK’s data protection rules offer an equivalent standard of protection. There are alternative mechanisms to facilitate cross-border flows (e.g., individual data controllers and processors could rely upon Standard Contractual Clauses and Binding Corporate Rules) but these are sub-optimal and may not be available to some types of companies. There is, of course, an outstanding legal challenge in Schrems II against Standard Contractual Clauses.
  • However, as an adequacy decision can only be taken in respect of a ‘third country’, a transitional arrangement must be agreed during the withdrawal negotiations.
  • As the EU-US Privacy Shield will no longer apply to the UK post-Brexit, EU rules may require the UK to show that it has arrangements in place with the US affording the same level of protection (e.g., Switzerland has secured both an adequacy decision from the EU and a mirror of the Privacy Shield agreement).
  • There is no prospect of a ‘clean break’ in data protection rules. Even if the UK does not seek to secure an adequacy decision, the GDPR has extra-territorial reach in that it applies to transfers of data from the EU to the UK.
  • As a third country, the UK could find itself subject to a higher standard than as a Member State.
  • The UK has a strong track record of influencing the development of EU data protection and retention rules. In order to ensure continued UK influence, the Government should seek to secure a continuing role for the Information Commissioner’s Office on the European Data Protection Board.
  • In the longer term, the Government should aim to influence the development of an international treaty on data protection.

It will be necessary to address these points to enable uninterrupted trade between the UK and the EU post-Brexit. The Government will need to commit to concrete plans around data protection sooner rather than later so companies can ensure they are compliant. And the devil, of course, will be in the detail.
