Data sharing between the UK and the EU is at serious risk post-Brexit as the trading bloc is likely to regard the UK as being as bad as the US when it comes to privacy issues, a law firm has warned.

According to Conexus Law, there is a “strong possibility” that the EU will consider the UK not to have an “adequate data protection regime” required under GDPR, meaning that it will need to develop an alternative data transfer methodology.

However, attempts to do this with the US have repeatedly failed, with its latest approach, Privacy Shield, struck down by the European Court of Justice in July over concerns that it did not adequately protect EU citizens from US government surveillance.

And given the UK’s track record on such matters, similar concerns could plague data sharing with the UK.

“The UK’s use of mass surveillance techniques, our Investigatory Powers Act, and our membership of the Five Eyes intelligence sharing community has raised particular concerns with the EU – especially in relation to the sharing of data with the US, and even more so given the recent Schrems II decision on the Privacy Shield scheme,” said Ed Cooke, founder at Conexus Law.

“What is clear is that once a decision has been made then companies will need to move quickly to ensure they are not severely impacted.”

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Companies urged to begin preparing for post-Brexit UK-EU data sharing

Given the uncertainty, made worse by growing fears of a no-deal Brexit, Conexus Law has advised companies to begin preparing for the issue now.

If the UK and EU are unable to reach an agreement, companies may have to reach for options such as Standard Contractual Clauses or binding, company-specific corporate rules. Simply getting consent from users to handle data is not expected to be adequate.

“Each of these options has its challenges with consent generally viewed to be unworkable as it can be revoked at any time,” said Cooke.

“Standard Contractual Clauses were upheld in the ECJ in its judgment on Privacy Shield, but the judges did cast some doubt on whether or not these offer suitable protection in all cases without businesses adopting further practical measures such as encryption, to ensure the protection of personal data.”

Companies are also advised to conduct a full audit of the personal data they collect and how and where it is handled and stored, including back-ups. The proliferation of cloud services adds to this challenge, as many of these servers are located throughout the world.


Read more: Data sharing beyond borders: Could ring-fencing be consigned to history?