Brexit Britain Is Failing EU’s Data-Privacy Test, Activist Warns

U.K. privacy protections were criticized by an activist who told the European Union that the British shouldn’t be trusted to protect user data after Brexit.

The personal data of EU citizens “do not at present have an adequate level of protection in the U.K.,” Johnny Ryan, a senior fellow at the Irish Council for Civil Liberties, wrote in a letter to the European Commission on Monday.

The U.K. “lacks an effective independent supervisory authority that is capable of enforcing compliance with data protection law and vindicating data subjects’ rights,” added Ryan.

Without a so-called adequacy decision from the EU by the end of the year, companies would be thrown into legal limbo and no longer be able to transfer data safely across the English Channel. At the risk of hefty fines under the EU’s strict data protection rules, U.K. companies that rely on data flows to and from the bloc would have to quickly find alternatives, involving more paperwork.

An EU adequacy decision would be a green light for such transfers without restrictions. To get there, the U.K. will have to meet a number of strict conditions. One of them is “the existence and effective functioning of one or more independent supervisory authorities,” according to the EU’s General Data Protection Regulation, or GDPR.

EU Regulators Take Tough Data-Transfer Approach After Ruling

The Information Commissioner’s Office, or ICO, said it’s “already equipped for its new role as U.K. data-protection supervisory authority both during transition and beyond” and is “supporting businesses in the run-up to the transition period with guidance and advice.”

The U.K.’s Department for Digital, Culture, Media and Sport said in an emailed statement that it’s “committed to high data protection standards and the U.K. is a global leader in protecting people’s personal data.”

The ICO “already meets the

Cambridge Analytica ‘Did Not Influence Brexit Referendum’

Cambridge Analytica’s harvesting of Facebook data didn’t affect the UK’s Brexit referendum as the data related to US rather than British voters, an investigation has concluded.

According to a report from the Information Commissioner’s Office (ICO), parent company SCL and Global Science Research – which obtained the data of Facebook users and their friends through a quiz app – appear to have considered targeting UK voters, but abandoned the idea.

“From my review of the materials recovered by the investigation I have found no further evidence to change my earlier view that SCL/CA were not involved in the EU referendum campaign in the UK – beyond some initial enquiries made by SCL/CA in relation to UKIP data in the early stages of the referendum process,” writes information commissioner Elizabeth Denham.

“This strand of work does not appear to have then been taken forward by SCL/CA.”

The report concludes a three-year investigation that saw Cambridge Analytica’s offices raided in 2018. It had been alleged that, under Russian influence, the companies had attempted to steer the UK into voting to leave the European Union.

The ICO has confirmed that it found evidence of poor data handling practices, with data held in several locations and shared using personal Gmail accounts.

However, it says that Cambridge Analytica did make some efforts to delete the data when asked by Facebook to do so in 2016. Ironically, the company’s claim that it held 5,000 data points on each of 230 million adult Americans turned out to be a big exaggeration.

But as for evidence of Russian involvement in the Brexit referendum, the ICO said it was not qualified to comment, adding that it had already handed over what evidence it had to the National Crime Agency.

“What is clear is that the use of digital