By Dave McKay | May 20, 2021
EU Parliament votes on UK Adequacy Decision Today
This morning the European Parliament will debate the adequacy or otherwise of the protection of personal data provided by the United Kingdom’s data protection framework. This is the UK’s version of GDPR as contained within the Data Protection Act 2018 (DPA 2018). Two resolutions will then be put to the vote.
Although we’ve come this far and we’re close, it isn’t a done deal. The Civil Liberties Committee (LIBE) passed a resolution last week calling on the European Commission to amend its drafted adequacy decision to bring it in line with the opinions of the European Data Protection Board (EDPB).
The previous vote—which brought us to this point in the process—was split. It was passed by 37 votes to 30. The decision statement noted that the UK’s data protection regime is largely similar to the EU’s. This is not a surprise. The GDPR in the DPA 2018 is our implementation of the EU GDPR that we needed to put in place in order to have UK legisation that enforced EU GDPR.
The EDPB and some MEPs are worried about UK bulk access practices by law enforcement, onward transfers, exemptions for national security and immigration, and other points. GDPR provides for country-specific variations for these subjects, but the variations still have to be widely acceptable.
“Adequacy should be granted only after the specific elements of UK law or practice that are still a matter of serious concern have been properly assessed,” explained rapporteur Juan Fernando López Aguilar.
It’s the possibility of indiscriminate access to data that worries some MEPs.
“Without changes, national data protection authorities should suspend transfers of personal data to the UK when indiscriminate access to personal data is possible,” said MEPs.
This sent shockwaves through industry support groups.
“We respectfully, but profoundly disagree with the LIBE Committee conclusions today – we believe the high standard of the United Kingdom’s data protection regime – being based on the UK’s implementation of the GDPR – is evident and is beyond any doubt essentially equivalent to the EU’s,” said tech trade association, ITI, director general for Europe, Guido Lobrano.
The ITI and 15 other groups wrote to MEPs ahead of today’s vote urging them to formally award an adequacy decision on the UK’s data protection framework.
They said:
“…the negative consequences of an interruption in data flows would be substantial to businesses in the UK and EU, given the EU remains the UK’s main trading partner and EU exports to the UK in 2019 alone amounted to approximately €430 billion.”
Source: ResearchLive