Brussels, BELGIUM — The European Parliament’s Civil Liberties, Justice and Home Affairs Committee (LIBE) today reportedly opined that the United Kingdom does not provide adequate privacy protection to allow the transfer of EU personal data.
Under the terms of the EU-UK Trade and Cooperation Agreement, the UK is considered adequate until 30 June 2021. While a Member of the EU, the UK applied the EU data protection and privacy laws. The UK has not introduced any substantive changes to its privacy rules since it left the EU in 2020.
Businesses operating in the UK and the EU rely on unencumbered data flows to provide products and services. According to a recent study, the aggregate cost to UK firms, including UK subsidiaries of EU firms, of no adequacy decision would likely be between €1.16 billion and €1.86 billion.
The LIBE resolution is non-binding and it is expected to be put to a plenary vote next week. The European Commission can adopt the two draft adequacy decisions following Member States’ review.
The following can be attributed to CCIA Europe Senior Public Policy Manager Alexandre Roure:
“This resolution raises concerns for the thousands of companies that rely on EU-UK commercial data flows as part of their day-to-day business.
It would be astonishing if a country that has followed EU rules for decades, suddenly no longer would be deemed to offer “adequate” data protection. The EU should not demand a higher standard for data transfers from its trading partners than its own standard. We hope MEPs will keep these considerations in mind ahead of their final vote.”