June 24, 2021

Volume XI, Number 175

Advertisement

June 23, 2021

Subscribe to Latest Legal News and Analysis

June 22, 2021

Subscribe to Latest Legal News and Analysis

June 21, 2021

Subscribe to Latest Legal News and Analysis

MEPs Urge European Commission to Amend Draft UK Adequacy Decision

On May 11, 2021, the European Parliament issued a press release requesting that the European Commission amend its draft decisions on UK adequacy to more closely align with EU court rulings and the opinion of the European Data Protection Board (“EDPB”). The request came after the Parliament’s Civil Liberties Committee (the “Committee”) passed a resolution evaluating the Commission’s approach regarding the adequacy of the UK’s data protection regime. The Members of European Parliament (“MEPs”) stated that if the Commission’s implementing decisions are adopted without amendment, transfers of personal data to the UK should be suspended when there is the potential for indiscriminate access to personal data.

The Committee pointed to the EDPB’s concerns over bulk access to data in the UK and reservations over onward transfers of data to third countries outside of the European Economic Area (“EEA”). In particular, the Committee commented that the UK’s data sharing agreements with the U.S. risk EEA personal data being shared with the U.S., potentially in conflict with the Schrems II decision of the Court of Justice of the European Union (“CJEU”) (finding the standard of protection offered in the United States to EU/UK personal data to be inadequate). The Committee highlighted the UK’s application to join the Comprehensive and Progressive Trans-Pacific Partnership (“CPTTP”), which includes data transfer provisions, noting that other signatories of the CPTTP have not received an adequacy decision from the European Commission.

With respect to bulk access to data, the Committee commented that the UK’s legislative regime currently allows for bulk access to personal data and bulk retention of data, which it states is inconsistent with data protection principles and rights under the EU General Data Protection Regulation (“GDPR”). The Committee also commented that the UK grants broad exemptions from data protection obligations for national security and immigration purposes, areas in which there is limited court oversight.

Rapporteur Juan Fernando López Aguilar stated, “The Civil Liberties Committee considers that a decision on adequacy should be granted only after the specific elements of UK law or practice that are still a matter of serious concern have been properly assessed. Therefore, we call on the Commission to modify the implementing decision to avoid repeating previous mistakes.”

The draft resolution is set to be debated and voted on during this week’s European Parliament plenary session. The European Parliament does not, however, have the ability to block adoption of the adequacy decision. The European Commission will request approval from EU Member States’ representatives as part of its comitology procedure and adopt the decision if approved.

Copyright © 2021, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume XI, Number 137
Advertisement
Advertisement
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement
Advertisement

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct
Advertisement
Advertisement