Post Brexit, Free Flow of Data Likely to ContinueEuropean Commission Reportedly Finds UK Data Protections Are Adequate
The European Commission plans to roll out a new policy that paves the way for European Union nations and the U.K. to continue the free flow of personal data in the wake of Brexit, the Financial Times reports.
The Brexit deal, finalized on Dec. 28, 2020, included a clause that allows data transfers from Europe to the U.K. to continue for up to six more months, during which time the EU must make a ruling on whether the U.K.'s privacy rules are as strong as the EU's.
If the U.K.'s rules were judged as coming up short, the free flow of data could have ceased, and special legal agreements would have been needed for each transfer arrangement.
But the European Commission has determined the U.K. has adequate measures in place for the protection of personal information, the Financial Times reports. Its decision, however, has to be cleared by the European Data Protection Board before June 30.
Other Potential Hurdles
Each EU country has its own privacy regulator, which operates independently. So, even if the European Commission approves continued data transfers to the U.K., each regulator potentially could decide not to abide by the deal.
The courts could also come into play. For example, a privacy advocate could lodge a complaint against an EU ruling on data transfers, objecting to the level of access to EU citizens’ data by Britain's Secret Intelligence Service, aka MI6. Austrian activist Max Schrems objected to transfers of European data to the U.S., resulting in Privacy Shield regulations being invalidated.
Sapphire, a U.K.-based legal data privacy consultation service, notes that if the European Commission's ruling is not ratified, the U.K. might have to set up its own version of the EU's General Data Protection Regulation. Plus, U.K.-based organizations without a branch in the European Economic Area – the EU and associated countries - would have to appoint a representative in an EEA country.