European Fee renews UK knowledge adequacy settlement, making certain continued free move of information

The European Fee has renewed its knowledge adequacy settlement with the UK, guaranteeing free move of information with the European Union (EU) for an additional six years.

The settlement assures that the UK’s knowledge safety framework is taken into account to have equal safeguards to the EU, based mostly on two European laws – the Common Knowledge Safety Regulation (GDPR) and the Legislation Enforcement Directive (LED). The prevailing adequacy association was as a consequence of expire on 27 December however will now proceed till the identical date in 2031.

Minister for digital authorities and knowledge Ian Murray mentioned in a put up on X (previously Twitter) that he was “thrilled” on the choice.

“I’m thrilled to welcome the EU’s renewal of its two adequacy choices for the UK. We stay dedicated to enabling safe, trusted knowledge flows between the UK and EU to assist development, innovation and safety,” he wrote.

Henna Virkkunen, government vice-president for tech sovereignty, safety and democracy on the European Fee, mentioned the renewal of information adequacy advantages companies and residents on either side of the Channel.

“It ensures the free move of private knowledge between the European Financial Space and the UK in full compliance with knowledge safety guidelines whereas lowering prices and administrative burdens. This continuity permits European corporations to maintain sharing knowledge seamlessly with their UK companions, supporting innovation, competitiveness and trusted digital cooperation.”

Knowledge adequacy with the EU turned a crucial problem after the UK left the bloc, and the unique 2021 settlement was based mostly on the measures launched by the Knowledge Safety Act 2018 (DPA).

In June this yr, the federal government amended components of the UK’s knowledge safety regime via the Knowledge (Use and Entry) Act, which aimed to make it simpler for companies and the general public sector to share knowledge, which the federal government claimed would ease paperwork and enhance effectivity.

A number of civil society teams wrote in June to Michael McGrath, European commissioner for democracy, justice, the rule of regulation and client safety, calling for the EU to rescind the UK’s knowledge adequacy standing, citing main considerations across the erosion of privateness and knowledge rights and warning of “a substantive danger” that contemporary UK adequacy choices may very well be struck down by the European Courtroom of Justice.

“Permitting third nations such because the UK to learn from unrestricted private knowledge flows with the EU whereas concurrently weakening authorized safeguards at house doesn’t solely endanger the rights of individuals within the EU, it additionally undermines the credibility of the EU’s knowledge safety framework, exposes EU companies to unfair competitors, and devalues the Union’s regulatory management on the worldwide stage,” they wrote.

“The UK authorities’s proposed reforms and up to date actions threaten to imperil the UK’s knowledge and privateness protections. This standing of affairs will gasoline uncertainty and threaten people and companies alike.”

There have been additionally warnings in Parliament that police use of US-based hyperscale cloud suppliers for processing delicate regulation enforcement knowledge might put adequacy with the Legislation Enforcement Directive in danger.

In June 2024, Laptop Weekly revealed that UK policing knowledge uploaded to Microsoft cloud companies is routinely despatched offshore for some types of processing, in an obvious breach of the LED.

Throughout a debate within the Home of Lords in March, Liberal Democrat peer Tim Clement-Jones highlighted how cloud service suppliers routinely processed knowledge exterior the UK, and have been unable to supply contractual ensures to policing our bodies as required by Half Three of the DPA, which implements measures within the LED: “Because of this, their use for regulation enforcement knowledge processing is, on the face of it, not lawful,” he mentioned.

To bypass the dearth of compliance with these switch necessities, the federal government merely dropped them from the brand new knowledge act.

“The federal government’s makes an attempt to vary the regulation spotlight the problem and recommend that previous processing on cloud service suppliers has not been in conformity with the UK GDPR and the DPA,” mentioned Clement-Jones, on the time.

Commenting on the renewal of information adequacy, European commissioner McGrath mentioned, “The UK is a vital strategic companion for the European Union and the adequacy choices type a central pillar of this partnership.

“By enabling the free move of private knowledge, they underpin each industrial exchanges and cooperation within the fields of justice and regulation enforcement. Their renewal displays the Fee’s evaluation that the UK’s authorized framework continues to supply sturdy safeguards for private knowledge that stay intently aligned with EU requirements, together with within the context of current legislative developments.”