U.K. privacy protections were criticized by an activist who told the European Union that the British shouldn’t be trusted to protect user data after Brexit.
The personal data of EU citizens “do not at present have an adequate level of protection in the U.K.,” Johnny Ryan, a senior fellow at the Irish Council for Civil Liberties, wrote in a letter to the European Commission on Monday.
The U.K. “lacks an effective independent supervisory authority that is capable of enforcing compliance with data protection law and vindicating data subjects’ rights,” added Ryan.
Without a so-called adequacy decision from the EU by the end of the year, companies would be thrown into legal limbo and no longer be able to transfer data safely across the English Channel. At the risk of hefty fines under the EU’s strict data protection rules, U.K. companies that rely on data flows to and from the bloc would have to quickly find alternatives, involving more paperwork.
An EU adequacy decision would be a green light for such transfers without restrictions. To get there, the U.K. will have to meet a number of strict conditions. One of them is “the existence and effective functioning of one or more independent supervisory authorities,” according to the EU’s General Data Protection Regulation, or GDPR.
EU Regulators Take Tough Data-Transfer Approach After Ruling
The Information Commissioner’s Office, or ICO, said it’s “already equipped for its new role as U.K. data-protection supervisory authority both during transition and beyond” and is “supporting businesses in the run-up to the transition period with guidance and advice.”
The U.K.’s Department for Digital, Culture, Media and Sport said in an emailed statement that it’s “committed to high data protection standards and the U.K. is a global leader in protecting people’s personal data.”
The ICO “already meets the