Three months after Europe’s top court adopted two critical adequacy decisions, here’s the state of data transfers across the English Channel.
Adopting two critical adequacy decisions for the UK, the European Commission approved international data transfers to and from the European Union on 28th June 2021.
For big data stakeholders and retail investors alike, this was a moment of relief—for Europe’s top court had sanctioned the flow of data under the terms of the General Data Protection Regulation.
The implications were evident: firms operating in the EU could transfer personal data to the UK without legal hassle or restrictions. For businesses, it meant business as usual.
It was a day untainted by panic selling and buying (a pretty rare spectacle in 2020).
Data transfers & investor confidence:
Investor confidence in the EU-UK trade partnership bolstered—as the EC’s ruling professed its trust in the UK’s propensity to provide similar safeguards to private data as the EU’s stringent data privacy principles set forth by the GDPR.
However, the road wasn’t as straightforward as it seemed. The ratified adequacy agreement include a ‘sunset clause’, meaning the adequacy decisions had come with an expiration date.
In this case, the agreement would remain in effect for four years—following which it shall be subject to review, with the option to renew if the EC deems the law and practice of the UK provide a satisfactory level of data protection.
In all cases, the Commission must reaffirm the adequacy agreement to remain in effect at the end of the four-year term.
“We have listened very carefully to the concerns expressed by the Parliament, the Members States and the European Data Protection Board, in particular on the possibility of future divergence from our standards in the UK’s privacy framework,” commented Věra Jourová, the Vice President of the European Commission for Values and Transparency, in a press statement.
The Commission has emphasised that it would monitor the UK’s treatment of private data and oversee any major deviations from the agreement. However, the European watchdogs didn’t keep the UK from deviating from the agreement ever so slightly, it appears.
Last month, the UK Government’s Department for Digital, Culture, Media and Sport (DCMS) launched a consultation to reform the country’s privacy and data protection regime, proposing a departure from the prohibitive EU GDPR framework to drive growth and innovation by reducing barriers to data flows.
The DCMS aims to achieve reduced administrative burdens by removing “unnecessary barriers to responsible data use”—effectively advocating for ease of commercial operations otherwise hindered by legal impediments.
Why could changes to data transfers potentially be negative?
The most widely cited argument against the GDPR is that it lowers the quality of products and services by inhibiting data collection. In the absence of extensive data on customers, their preferences, activity and pattern of behaviour, it becomes impossible for businesses to offer relevant products and experiences.
This GDPR, in turn, also hinders the ability of AI-enabled digital assistants and machine learning algorithms that rely on the collection and analysis of user data, thereby making them less valuable.
A complete overhaul of the UK GDPR may attract businesses to the UK; however, the risk in doing so far outweighs the potential reward.
Diverging too far from the EU GDPR may lead the EC to believe the UK no longer provides adequate safeguards to user data, prompting it to revoke its adequacy decisions—putting both UK and EU commercial operations in jeopardy—with businesses on both sides incurring losses in billions.
So does the promise of innovation tomorrow justify risking the stability of exchange today?
You can be the judge of that.
About the author:
Abhinav Raj is a political correspondent for the Immigration Advice Service, a UK-based organisation of immigration solicitors that provides Indefinite Leave to Remain (ILR) services, Visa assistance for prospective migrants and pro-bono legal counsel.