
Post Brexit, Free Flow of Data Likely to Continue

European Commission Reportedly Finds UK Data Protections Are Adequate
Illustration: Miguel Á. Padriñán, Pixabay

The European Commission plans to roll out a new policy that paves the way for European Union nations and the U.K. to continue the free flow of personal data in the wake of Brexit, the Financial Times reports.


The Brexit deal, finalized on Dec. 28, 2020, included a clause that allows data transfers from Europe to the U.K. to continue for up to six more months, during which time the EU must make a ruling on whether the U.K.'s privacy rules are as strong as the EU's.

If the U.K.'s rules were judged as coming up short, the free flow of data could have ceased, and special legal agreements would have been needed for each transfer arrangement.

But the European Commission has determined the U.K. has adequate measures in place for the protection of personal information, the Financial Times reports. Its decision, however, has to be cleared by the European Data Protection Board before June 30.

Other Potential Hurdles

Each EU country has its own privacy regulator, which operates independently. So, even if the European Commission approves continued data transfers to the U.K., each regulator potentially could decide not to abide by the deal.

The courts could also come into play. For example, a privacy advocate could lodge a complaint against an EU ruling on data transfers, objecting to the level of access to EU citizens’ data by Britain's Secret Intelligence Service, aka MI6. Austrian activist Max Schrems objected to transfers of European data to the U.S., resulting in Privacy Shield regulations being invalidated.

Sapphire, a U.K.-based legal data privacy consultation service, notes that if the European Commission's ruling is not ratified, the U.K. might have to set up its own version of the EU's General Data Protection Regulation. Plus, U.K.-based organizations without a branch in the European Economic Area – the EU and associated countries – would have to appoint a representative in an EEA country.


About the Author

Akshaya Asokan


Senior Correspondent

Asokan is senior correspondent for Information Security Media Group's global news desk. She has previously worked with IDG and other publications where she reported on developments in technology, minority-rights and education.



