The European data protection regulators United in the EDPB are concerned about plans by the European Commission (EC) to allow the transfer of personal data to the United Kingdom again. According to the EC, personal data in the UK is sufficiently protected and personal data can be transferred from the European Union back to the UK.
As the UK has left the European Union, it is no longer bound by the General Data Protection Regulation (GDPR) and the police and Justice directive. Therefore, European companies cannot simply transfer personal data of European citizens to companies in the UK. The European Commission has now proposed two adequacy decisions to make the transfer possible again.
According to the European Commission, the data protection system in the UK is very similar to the European system.
“That’s not surprising either. After all, Brexit has only been a fact for a few months and the UK has ‘copied’ both the GDPR and the police and Justice directive into its own legislation,” the Dutch Data Protection Authority states.
However, European privacy regulators are concerned. In particular, the possibility that personal data will be transferred via the UK to other countries where personal data is not adequately protected. Like the United States. The EDPB has therefore asked the European Commission for clarification and to closely monitor this in the future.
The European Commission should seek advice from the EDPB on the adequacy decisions, but is not obliged to follow the advice. Before 30 June this year, the EC will decide whether to adopt the adequacy decisions. The EDPB is a body in which all national privacy regulators from the European Union cooperate in their oversight of the GDPR.