The European Data Protection Board (EDPB) has contacted British MEP’s to warn that the UK is “at-risk” of losing a data adequacy agreement with the European Union (EU) post-Brexit.
The free flow of data between Britain and the EU would need to be reviewed if sufficient safeguards on data-access for criminal investigations agreed between Britain and the US fail to comply with EU regulations, the board says.
An agreement between the UK and US – released by the UK Government – allows “access to electronic data for the purpose of countering serious crime” which aims to “advance public safety and security, and to protect privacy, civil liberties, and an open Internet”.
In the letter penned to MEP’s, EDPB chair Andrew Jelinek said that the levels of personal data protection, including conditions for access to personal data, must be consistent throughout the EU, particularly with regard to GDPR and Law Enforcement Directive (LED).
Jelinek added that the EDPB “has doubts” as to whether personal data access safeguards in the UK would “apply in case of disclosure obligations applicable to providers of electronic communication service or remote computing service under the jurisdiction of the United States.”
Jelinek said: “Following this preliminary assessment, it is unclear whether the safeguards enshrined in the Agreement would apply to all, if any, requests for access made under the US CLOUD Act.”
- Watch: Skyrora Successfully Completes First Shetland Rocket Launch
- The Data Lab Innovation Week to Reimagine Glasgow as a ‘Circular City’
- NHS Chatbot to Provide Scottish Patients Access to Covid-19 Information
Setting up deals between the UK and the EU post-Brexit is becoming a big issue in Westminster, particularly in the case of a no-deal.
It has been estimated that that personal data exports between the UK and EU were worth over £100 billion in 2018, making it an important decision that is in the interest of both parties to be resolved quickly.
However, for a data adequacy agreement to be decided, an assessment of the UK’s data protection framework need to be carried out by the European Commission (EC).
Jelinek said: “The EDPB stresses that any future agreement between the EU and the US must prevail over US domestic laws and include appropriate data protection safeguards in order to be fully compatible with EU primary and secondary law.
“This notably includes ensuring the continuity of data protection in case of onward sharing and onward transfers. In this context, the EDPB wishes to repeat its call for further improvements to the level of safeguards established by the EU-US Umbrella Agreement, for instance as regards the availability of judicial redress.”