The UK is very likely to struggle to get an adequacy decision from the EU following the end of the transition period, according to a GDPR expert speaker at next week’s Last Thursday in Privacy.
Andrew Sharp, practice lead at Securys, is part of the panel, “Brexit Series: GDPR and the Future of the UK – Data Flows Post-Brexit” at LTIP on 30 July, organised by Data Protection World Forum.
He says, as a third country rather than an EU member, the Commission must consider the UK’s wider respect for individual rights and freedoms, including the access of public authorities to personal data and data subjects’ access to judicial redress for privacy violations.
The UK’s Investigatory Powers Act 2016, which was ruled incompatible with EU law by the European Court of Justice, will present a major obstacle in receiving an adequacy decision. Additionally, says Mr Sharp, the UK’s membership of the “Five Eyes” Intelligence alliance, may pose a further threat to an adequacy judgement as some members of the alliance do not themselves have an adequacy decision. Even further, with the invalidation of the Privacy Shield and the new provisions surrounding SCCs, and the UK’s commitment to maintaining its data sharing agreements with the US, it is likely that the UK will find it very hard to gain an adequacy decision.
“It is likely that there will be increased pressure on EU businesses to keep data within the EU, or at least away from countries deemed not adequate because of state surveillance and where, therefore, SCCs won’t provide sufficient protection. We can expect to see a migration of application and data hosting for EU businesses into the EU and to countries with an adequacy decision.”
In cases where SCCs are appropriate, data controllers will have to demonstrate that SCCs do provide sufficient safeguards through documented risk assessments, ensuring that the SCCs in place “will not be invalidated by state surveillance and a lack of judicial remedy for any resulting violation of privacy”.
To register to watch Andrew Sharp (Practice Lead at Securys), Sarah Armstrong-Smith (Microsoft’s chief security advisor), and Perry Keller (King’s College London reader in Media and Information Law) will discuss “Brexit Series: GDPR and the Future of the UK – Data Flows Post-Brexit” at Last Thursday in Privacy on July 30, click here.
To register to see Last Thursday in Privacy’s upcoming interview with Max Schrems on July 30, click here.
Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.
Reserve your place before 2nd October, and receive VIP access to PrivSec Global which includes priority access to limited space sessions, workshops, networking opportunities and exclusive content.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.