Privacy & Information Security Law Blog

On May 11, 2021, the European Parliament issued a press release requesting that the European Commission amend its draft decisions on UK adequacy to more closely align with EU court rulings and the opinion of the European Data Protection Board (“EDPB”). The request came after the Parliament’s Civil Liberties Committee (the “Committee”) passed a resolution evaluating the Commission’s approach regarding the adequacy of the UK’s data protection regime. The Members of European Parliament (“MEPs”) stated that if the Commission’s implementing decisions are adopted without amendment, transfers of personal data to the UK should be suspended when there is the potential for indiscriminate access to personal data.

The Committee pointed to the EDPB’s concerns over bulk access to data in the UK and reservations over onward transfers of data to third countries outside of the European Economic Area (“EEA”). In particular, the Committee commented that the UK’s data sharing agreements with the U.S. risk EEA personal data being shared with the U.S., potentially in conflict with the Schrems II decision of the Court of Justice of the European Union (“CJEU”) (finding the standard of protection offered in the United States to EU/UK personal data to be inadequate). The Committee highlighted the UK’s application to join the Comprehensive and Progressive Trans-Pacific Partnership (“CPTTP”), which includes data transfer provisions, noting that other signatories of the CPTTP have not received an adequacy decision from the European Commission.

With respect to bulk access to data, the Committee commented that the UK’s legislative regime currently allows for bulk access to personal data and bulk retention of data, which it states is inconsistent with data protection principles and rights under the EU General Data Protection Regulation (“GDPR”). The Committee also commented that the UK grants broad exemptions from data protection obligations for national security and immigration purposes, areas in which there is limited court oversight.

Rapporteur Juan Fernando López Aguilar stated, “The Civil Liberties Committee considers that a decision on adequacy should be granted only after the specific elements of UK law or practice that are still a matter of serious concern have been properly assessed. Therefore, we call on the Commission to modify the implementing decision to avoid repeating previous mistakes.”

The draft resolution is set to be debated and voted on during this week’s European Parliament plenary session. The European Parliament does not, however, have the ability to block adoption of the adequacy decision. The European Commission will request approval from EU Member States' representatives as part of its comitology procedure and adopt the decision if approved.