Companies Warned To Prepare For Data Transfer Challenges

A new US administration may not necessarily bring with it a new data transfer pact between the EU and the United States, the top EU data protection authority has said.

And experts have warned that 2021 is also likely to bring in fresh challenges to British companies exchanging data with EU organisations, due to a change in the UK’s designation under EU privacy law.

The EU Court of Justice (CJEU), the bloc’s top court, in July struck down a transatlantic data-sharing agreement called Privacy Shield that had been in place since 2016, when it replaced the earlier Safe Harbour arrangement.

The deal allowed companies in the EU – which at the time included the UK – to exchange data with firms based in the US, including, in many cases, their own parent companies in Silicon Valley.

The Court of Justice of the European Communities in Luxembourg. ECJ

Privacy Shield

But the CJEU determined the risk was too great of US government surveillance accessing the personal data of EU citizens.

Since then, companies have been using a mechanism called standard contractual clauses to transfer data around the world.

The EU and the US are working on a successor to Privacy Shield, but European Data Protection Supervisor (EDPS) Wojciech Wiewiorowski warned companies not to expect a resolution in the short term.

“I don’t expect a new solution instead of Privacy Shield in the space of weeks, and probably not even months, and so we have to be ready that the system without a Privacy Shield-like solution will last for a while,” Wiewiorowski told Reuters.

He said a new arrangement could require changes to US national security law and said the new administration may not “take this topic as the most important”.

The European Union is also proposing revisions to standard contractual clauses and Wiewiorowski called the proposals “promising”.

UK data transfers

EU concerns about protecting citizens’ data are also likely to affect data transfers between the EU and the UK in the new year.

The UK continues under the authority of the EU’s GDPR privacy legislation until 31 January, after which it will be designated as a “third country” for EU data protection purposes.

The UK and the EU are negotiating a GDPR equivalency agreement, but in the absence of such a deal UK firms face challenges similar to those in the US in ensuring they can transfer personal data across international borders.

“As crazy as it may seem given that the UK has been part of EU Data Privacy since 1984, when the UK ends its transitionary stage with the EU at the end of the year, it will not automatically retain its GDPR equivalency,” said Darren Wray, chief technology officer at data privacy consultancy Guardum.

He said companies will need to put special contractual agreements in place to carry out such transfers and warned that the validity of such arrangements is “likely to be challenged”.

Legal challenge

Wray noted that in the legal challenges that brought down Privacy Shield and Safe Harbour, the UK was named as a partner in some of the US global surveillance programmes causing privacy concerns.

“This, combined with regulation such as the Regulatory Investigatory Powers Act 2000 (RIPA) which enshrines state surveillance in UK law, means that EU firms will be forced to see the UK as not offering adequate EU data protection,” Wray said.

He said UK organisations should act now to review their international data transfer arrangements and review client and vendor agreements concerning data.

British companies should consider investing in redaction software to automatically remove personal data from documents being sent across borders for processing, Wray said.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Cryptocurrency Warning From Bank Of England Governor

Blunt message from Bank of England governor Andrew Bailey, warning people only to buy cryptocurrency…

20 hours ago

Jeff Bezos Offloads $2 Billion In Amazon Shares

Needs some spending money...Amazon CEO Jeff Bezos has this week sold nearly $2 billion worth…

21 hours ago

Twitter Suspends Account Sharing Trump Posts

Shutdown again. An account has been suspended by Twitter for sharing the posts from Donald…

22 hours ago

IBM Claims Breakthrough With 2 Nanometer Chip

Research boffins at IBM are touting a major leap forward in performance and energy efficiency…

2 days ago

Twitter Now Prompts Users To Revise ‘Harmful Replies’

Trolls beware. Twitter releases feature that will deliver a 'reconsider prompt' for users, if they…

2 days ago

Old Routers Pose Security Risk, Warns Which?

Elderly routers that can no longer receive firmware updates posed security risk to millions of…

2 days ago