Tag: data privacy

adequacy, Brexit, British Government, Data Protection, Data transfers

The UK’s Data Dilemma

Posted on by BEERG Brexit Blog

dmcs

In a speech delivered last week, John Whittingdale MP, the United Kingdom’s Minister of State for Media and Data, told a conference of Privacy Laws & Business that he welcomed:

 … the European Commission’s February publication of draft data adequacy decisions for the UK, which rightly reflect our high data protection standards and paves the way for their formal approval.

The draft decisions will now be shared with the European Data Protection Board for a non-binding opinion and the European Parliament before being presented to Member States for formal approval. I urge the EU to fulfil its commitment in the agreed declaration and complete the process promptly.

Whittingdale’s comments came at the end of a speech in which he talked about the UK’s plans to use data to drive economic development. He also talked about the UK’s plans to expand the list of countries to which the UK will grant a “data adequacy” decision, which means that personal data can be seamlessly transferred to such countries from the UK.

Continue reading

Brexit, Data Protection, Data transfers, GDPR

The Schrems II decision and Brexit

Posted on by BEERG Brexit Blog

 

CJEU 2

The Schrems II judgement of the Court of Justice of the European Union (CJEU) makes the transfer of personal data to the US from the EU close to legally impossible. The Court has struck down Privacy Shield as incapable of providing sufficient protection for the personal data of EU citizens transferred to the US and has severely constrained the use of Standard Contractual Clauses (SCCs) as an alternative way of doing so.

The Court’s judgement is rooted in the belief that there is a significant disconnect between the EU’s emphasis on data privacy as a fundamental right, and the US’s stress on the national security imperative for its intelligence agencies to be able to access data transferred to the US. (See here for a useful summary of the background to the case).

The bottom line takeaway from the CJEU’s decision is that, no matter what procedure is used, it is illegal to transfer the personal data of EU citizens to third countries if that data cannot be protected to the standards that the EU demands when it arrives in that country.

The CJEU, in line with the Charter of Fundamental Rights and the wording of the GDPR, has prioritised data privacy over economic considerations. Whether an appropriate balance has been struck is for European politicians to decide.

Continue reading