The EU plans to allow to continue the free transfer of personal data from EU countries to the UK after having concluded that the British have ensured an adequate level of protection for private data. This is according to a draft decision adopted by the European Commission.
MEP Patrick Breyer (Pirate Party) is critical of the Commission’s plans:
„Experts have identified a number of issues where UK law does not adquately protect personal data.
Politically the most important reason is indiscriminate mass surveillance by UK intelligence agencies which includes an indiscriminate, non-targeted retention and automated analysis of communications metadata (i.e. mostly of non-suspects). It even seems the UK shares this data with the US which, again, lacks adequate data protection.
The Commission claims there are adequate safeguards in UK law, including their membership to the European Convention of Human Rights (ECtHR) and court orders. However adequacy means that personal data needs to be protected similarly well as in the EU – which goes well beyond the level of protection afforded by the ECtHR. Specifically the European Court of Justice has repeatedly dismissed the indiscriminate collection of the communications metadata of the entire population, including caller information as well as location of mobile devices, no matter which ‘safeguards‘ were implemented.
Already regarding Safe Harbour and Privacy Shield the Commission ignored the grossly illegal US mass surveillance policies. The UK adequacy decisions are likely to be annulled for the same reason. There is also a substantial risk, in my opinion, that the EU–UK Trade and Cooperation Agreement (TCA) itself may be annulled because it gives the UK access to sensitive EU databases despite the lack of adequate protection of personal data.“