The European Data Protection Commission (EDPS) continues to see a need to re-amend the EU Commission’s plan, under which companies and authorities are allowed to continue transferring personal data from the European Union to Great Britain for a period of four years. The European Union Data Protection Officials Authority includes the mass surveillance practiced in the United Kingdom among the points requiring further clarification or special controls.
Independent evaluation and oversight
In the United Kingdom, the security services have broad powers in this area. According to the Investigative Powers Act (IPA) of 2016, GCHQ, which cooperates closely with the National Security Agency, is permitted to undertake massive interventions in the technical apparatus. The civil rights organization Privacy International has only recently been able to investigate long-term legal action that the Secret Service is no longer permitted to penetrate smartphones, computers and entire networks abroad at will on the basis of public court orders to use government Trojans
In this context, EDSA also considers “independent evaluation and oversight of the use of automated processing tools” of the volumes of data collected as essential. It also calls for safeguards under British law when it comes to disclosing personal information overseas. This is essential for national security, particularly regarding exemptions to data protection.
Create a special court
In the case of the United States, the European Court of Justice found again in its ruling against the “Privacy Shield” last year that laws there allow for mass surveillance by security authorities such as the National Security Agency or the FBI. Hence, the data protection standard there does not comply with the European Union standards.
On the issue of the controversial issue of security authorities’ access to personal information provided in the United Kingdom, the Committee welcomes the establishment of a special court in the form of the Investigative Powers Tribunal (IPT). In this way, the remaining “challenges” around legal protection can be better addressed. It was also an important step to familiarize the judicial commissioners with the recent reform of the Istanbul Plan of Action in order to strengthen supervision in this area.
Further evaluation and monitoring
Moreover, EDPS stresses that many other bodies in the panel’s report should be “further evaluated” or monitored in light of the General Data Protection Regulation (GDPR). They point, for example, to an exemption for immigrants and its consequences for restricting the rights of those affected, barriers to further transfer of personal data from the European Economic Area and international agreements between Great Britain and other third countries.
The panel concluded in February that “the UK enjoys an adequate level of data protection”. After Brexit, personal information will not be allowed to flow freely between the two sides unless the European Union formally affirms that British standards are essentially the same as those of society. Crucial European regulations are the General Data Protection Regulation (GDPR) and Parallel Guidelines for data protection in the police and judiciary.
EDSA too Acknowledges nowThe data protection frameworks in the European Union and the United Kingdom are “pretty similar” in certain key respects. The committee refers to the rules for legal and fair handling of legitimate purposes, purpose determination, data quality and proportionality, data storage, security and confidentiality, as well as transparency. In addition, special protection requirements apply to private data categories, automated decision-making and user profiles on both sides of the English Channel.
Great Britain implemented the GDPR and associated directive into national law in 2018, explained Andrea Jellink, President of EDSA. Al-Austrian emphasized that while laws could develop further in principle, this consensus must be preserved. We therefore welcome the committee’s decision on a time limit on the sufficiency to be granted. ”A decisive factor for the inspectors’ blessing was the intention to “closely monitor developments in the UK.” British Prime Minister Boris Johnson has repeatedly emphasized that with Brexit, his government wanted to follow a “separate and independent” line. For the European Union regarding data protection.