Brexit Britain Is Failing EU’s Data-Privacy Test, Activist Warns

U.K. privacy protections were criticized by an activist who told the European Union that the British shouldn’t be trusted to protect user data after Brexit.

The personal data of EU citizens “do not at present have an adequate level of protection in the U.K.,” Johnny Ryan, a senior fellow at the Irish Council for Civil Liberties, wrote in a letter to the European Commission on Monday.

The U.K. “lacks an effective independent supervisory authority that is capable of enforcing compliance with data protection law and vindicating data subjects’ rights,” added Ryan.

Without a so-called adequacy decision from the EU by the end of the year, companies would be thrown into legal limbo and no longer be able to transfer data safely across the English Channel. At the risk of hefty fines under the EU’s strict data protection rules, U.K. companies that rely on data flows to and from the bloc would have to quickly find alternatives, involving more paperwork.

An EU adequacy decision would be a green light for such transfers without restrictions. To get there, the U.K. will have to meet a number of strict conditions. One of them is “the existence and effective functioning of one or more independent supervisory authorities,” according to the EU’s General Data Protection Regulation, or GDPR.

EU Regulators Take Tough Data-Transfer Approach After Ruling

The Information Commissioner’s Office, or ICO, said it’s “already equipped for its new role as U.K. data-protection supervisory authority both during transition and beyond” and is “supporting businesses in the run-up to the transition period with guidance and advice.”

The U.K.’s Department for Digital, Culture, Media and Sport said in an emailed statement that it’s “committed to high data protection standards and the U.K. is a global leader in protecting people’s personal data.”

The ICO “already meets the

EU’s top court limits government spying on citizens’ mobile and internet data

  • The European Court of Justice (ECJ) has ruled that member states cannot collect mass mobile and internet data on citizens.
  • It said forcing internet and phone operators to carry out the “general and indiscriminate transmission or retention of traffic data and location data” is against EU law.
  • The ruling is in response to several cases brought about by Privacy International and La Quadrature du Net.



a view of a city


© Provided by CNBC


LONDON — The top court in the European Union has delivered another blow to governments seeking to keep tabs on citizens through controversial spying techniques. 

Loading...

Load Error

The European Court of Justice (ECJ), the EU’s highest legal authority, ruled Tuesday that member states cannot collect mass mobile and internet data on citizens.

Forcing internet and phone operators to carry out the “general and indiscriminate transmission or retention of traffic data and location data” is against EU law, the court explained in its ruling.

“However, in situations where a member state is facing a serious threat to national security that proves to be genuine and present or foreseeable, that member state may derogate from the obligation to ensure the confidentiality of data relating to electronic communications,” it continues.

Even in these emergency scenarios, there are rules that must be adhered to.

“Such an interference with fundamental rights must be accompanied by effective safeguards and be reviewed by a court or by an independent administrative authority,” the court said.

The ruling, which has been eagerly anticipated by civil rights campaigners, is in response to several cases brought about by Privacy International and La Quadrature du Net.

The campaign groups argued that surveillance practices in the U.K., France and Belgium go too far and violate fundamental human rights. The groups specifically took issue with the U.K.’s Investigatory Powers Act, a 2015 French decree related