Open Rights Group

News UK Privacy Erosion Sparks EU Civil Society Call to Review Data Deal

04 June, 2025

UK Privacy Erosion Sparks EU Civil Society Call to Review Data Deal

European civil society organisations have written to European Commissioner, Michael McGrath over concerns about the erosion of privacy and data protection in the UK. 

The organisations argue that the divergence from standards required by GDPR and the Law Enforcement Directive mean that the UK’s adequacy status should be re-evaluated.

The signatories highlight a number of laws and policy initiatives that threaten privacy rights in the UK, including the Data (Use and Access) BIll which is expected to be passed by parliament this week.

They also warn that if the Commisison does not act quickly, the adequacy decision for the UK could be struck down by the Court of Justice for the European Union (CJEU) should a case be brought to it.

Mariano delli Santi, Policy Officer at Open Rights Group said:

“Just as the UK strikes a new deal with the EU, our parliament passes a law that threatens future trade and collaboration with Europe. 

“The UK data protection reform was proposed in 2021 by a Brexit government, with the intent of putting the UK further apart from Europe. The Data (Use and Access) Bill is the latest in a series of attacks on data protection and privacy in the UK. Successive governments are not only harming the British public with these attacks but undermining our relationship with the EU.”

“Recycling failed Brexit policies with the DUA Bill contradicts the Labour government efforts to reset EU-UK relationships. By following on Boris Johnson’s footsteps, Labour is making a display of bad leadership in tech.”

“Losing our adequacy status at a time when the UK is trying to improve its economic outlook would be a costly self inflicted wound that must be avoided at all costs.”

‘Adequacy isn’t a courtesy, it’s a legal guarantee that people’s fundamental rights are protected when their data is sent abroad. The UK is systematically rolling back those protections, and in doing so, it is putting at risk not just EU people’s’ data, but the principle of rights-based governance itself. If the Commission extends adequacy despite clear divergence, it sends a troubling signal: that data protection is negotiable when trade or geopolitics are at stake.’

The UK adequacy decision has a ‘sunset clause’ that would have forced the Commission to re-assess the UK data protection regime by June 2025. This deadline was already extended by six months, amid concerns that the DUA Bill could jeopardise UK data protection laws. 

The signatories of the letter are arguing that the DUA Bill would encourage regulatory competition at the expense of fundamental rights and threaten the integrity of the EU single market, and they urge the commission not to grant a new adequacy decision for the UK unless the UK’s data protection framework ensures an equivalent level of protection to that guaranteed under EU law. 

EU Civil Society Groups write to European Commissioner over UK DAta Law

Read the letter