(Bloomberg) — U.K. privacy protections were criticized by an activist who told the European Union that the British shouldn’t be trusted to protect user data after Brexit.
The personal data of EU citizens “do not at present have an adequate level of protection in the U.K.,” Johnny Ryan, a senior fellow at the Irish Council for Civil Liberties, wrote in a letter to the European Commission on Monday.
The U.K. “lacks an effective independent supervisory authority that is capable of enforcing compliance with data protection law and vindicating data subjects’ rights,” added Ryan.
Without a so-called adequacy decision from the EU by the end of the year, companies would be thrown into legal limbo and no longer be able to transfer data safely across the English Channel. At the risk of hefty fines under the EU’s strict data protection rules, U.K. companies that rely on data flows to and from the bloc would have to quickly find alternatives, involving more paperwork.
An EU adequacy decision would be a green light for such transfers without restrictions. To get there, the U.K. will have to meet a number of strict conditions. One of them is “the existence and effective functioning of one or more independent supervisory authorities,” according to the EU’s General Data Protection Regulation, or GDPR.
EU Regulators Take