Open Rights Group has warned that the Data Protection and Digital Information (DPDI) Bill could allow Meta to get around the suspension of data transfers from Europe to the United States, which was imposed by Ireland’s data protector regulator today.
The Data Protection Commission issued Meta with a fine of €1.2bn (£1bn) for mishandling Facebook users’ data when it was transferred from the European Union (EU) to the United States (US). The transfer of data between the EU and US has also been suspended, although Meta has been given five months to enact this. If the UK passes the DPDI Bill, it could create a loophole that could allow EU data to be transferred to the US via the UK.
Abigail Burke, Policy Manager for Open Rights Group said:
“It is very welcome to see a data protection regulator taking strong enforcement action against companies that fail to protect their users’ data.
“However, today’s decision exposes flaws in the Data Protection and Digital Information Bill, which could allow the UK to transfer data to countries that have poor data protection. In effect this could allow the data of EU citizens to be laundered through the UK.
“This bill could threaten the impact of decisions by data protection regulators as well as jeopardizing the UK’s current adequacy agreement with the EU.”
Weakening of protection for data transfers
Schedule 5 of the DPDI Bill lowers the protections for personal data that is transferred abroad from the UK. It gives the Secretary of State the powers