UK risks post-Brexit data stance

0


[ad_1]

Hell has no fury like a despised bureaucracy.

Do you know someone who insists on having their own way all the time and wants to be in control of your relationships with others? I hope not, but a lot of us do. What do you think would happen if you angered this person by ending your 40-year relationship with them, but they could still influence the way you treat others? He would be angry, irrational and punitive.

Our British friends are feeling most of this momentum right now, as they ‘broke’ with the EU last year, but the EU is threatening to punish the UK for changing one of its data relations with some thirds. The current battle involves the huge, Octopean data privacy bureaucracy that has metastasized in Europe over the past 25 years, dipping its guns into almost every business and government activity. Brexit forced the UK version of this government privacy institution to separate from the EU version.

Over the years, official UK privacy statements have focused more on protecting common sense consumers and less on French and German extremism. For example, when the European Court of Justice rejected certain methods of transferring data to responsible companies in the United States, UK privacy regulators suggested methods to resolve issues while protecting personal data. German and French bureaucrats took the opportunity to suggest that no personal data should be sent to the United States and that Europe should insist that the data remain in the country it originated from.

Now that the UK has separated from the EU, such moderation will no longer be tolerated.

Generally, if you fail to meet your obligations under a law, you are classified as non-compliant. When the EU doesn’t think your country is meeting its data privacy obligations, it finds you ‘unsuitable’. EU privacy panjandrums assume that everyone is ‘unsuitable’ and some countries are on their knees asking for a positive adequacy decision. In the last 26 years of the current EU confidentiality regime, out of the 249 countries of the world, the EU has recognized the suitability of certain territories surrounded by the EU, small adjacent islands and Argentina, Canada, Israel, New Zealand, Uruguay and Japan. French privacy bureaucrats even publish a map of “suitable countries” and “partially adequate countries.” Of course, like the vast majority of nations, the United States has never been deemed even partially adequate.

UK has to be adequate, right? Its entire data privacy regime has developed with the EU system following EU rules. How could you complain about that?

The EU dragged its feet, but ultimately reluctantly recognized that the UK’s data privacy system – essentially the same as data privacy systems in all other EU countries – was adequate. But, unlike other EU adequacy decisions, which have been granted indefinitely, for the first time in history, EU data-crats have labeled a country’s adequacy status, including including a “sunset clause” whereby the UK’s adequacy expires in four years. In addition, the EU has given itself the right to intervene at any time and withdraw the adequacy decision.

Is this status really important? Yes, this can have important practical implications. The EU can impose fines on companies for sending personal information from the EU to an inappropriate jurisdiction, which in the digital age could reduce trade with that country. This is a particular problem for the United Kingdom, which has deeply rooted its trade relations on the European continent.

And the UK has just pushed the sleepy bureaucratic bear. As the UK prepares for a change of leadership within its data protection authority, it is considering meeting the requirement for online cookie banners and other attempts to protect consumer data that do not not work as expected. The UK discussed the possibility of going further in the application of ‘common sense’ data and ‘the end of the checkboxes’. The European Commission was listening and reacted quickly. According to Reuters, “Britain has said it will reform the data rules it agreed to as an EU member by taking a ‘common sense’ approach that could help it secure partnerships data with the United States and other countries, immediately pulling a warning from Brussels. Data adequacy partnerships mean organizations would not have to implement costly compliance measures to share personal data internationally when doing business, the UK’s Digital Department said in a report. communicated.

This broad declaration of intent to use common sense has infuriated EU regulators who, like angry mafia bosses, are already threatening the UK with “consequences”. The European Commission has officially warned that its UK adequacy decision “may be terminated or changed at any time by the Commission.” This can be done immediately in a justified emergency. The urgency, of course, being for the UK to actually apply logic, rather than emotion, to data protection decisions.

Nothing has yet happened on either side of the Channel to endanger the UK’s adequacy status. However, the tenuous nature of the UK’s status compared to others that have achieved ‘fit’ and the speed with which the European Commission has acted in a threatening manner, if only for a breath of change, foreshadows that the EU is likely to overreact to any change. in the UK’s position on data privacy enforcement, no matter how small and insignificant.

Fortress Europe clearly feels threatened by the prospect of a potentially more relaxed or more business-friendly approach to data protection. A program that could cast a shadow over the multibillion-dollar Big Tech fine programs so popular in the EU at the moment. I’m sure there is some logic in the positioning of the EU, but it feels more emotional – as a way to punish the country for breaking a long-term romance.

Copyright © 2021 Womble Bond Dickinson (US) LLP All rights reserved.Revue nationale de droit, volume XI, number 250

[ad_2]

Leave A Reply

Your email address will not be published.