British data protection standards are “adequate”, the EU has ruled in a long-awaited decision allowing digital information to continue to flow between the UK and the bloc. But Brussels warned the Boris Johnson government against weakening UK standards.
If a positive decision was not made, it would have risked plunging British businesses into chaos, leaving industries from banking to logistics scrambling to establish more costly bureaucratic alternatives for sharing data.
The UK’s “proper” status is guaranteed for four years, but the commission warned it could be withdrawn if UK law no longer provides protection to EU citizens over how their data is used.
European Commission Vice-President Věra Jourová said: “The UK has left the EU, but today its legal regime for the protection of personal data is the same as it was. Because of this, we are making these adequacy decisions today. “
He added that the commission had listened “very carefully” to the concerns expressed by the European Parliament, EU members and the European Data Protection Board, “in particular about the possibility of future divergences from our privacy standards. from United Kingdom.
“We are talking here about a fundamental right of EU citizens that we have a duty to protect. That is why we have important safeguards and if something changes on the UK side, we will intervene, ”Jourová said.
John Foster, policy director at the Confederation of British Industry, said progress on the EU-UK alignment decision would be welcomed by businesses across the country. “The free flow of data is the foundation of the modern economy and is essential for companies in all sectors, from automotive to logistics, and plays an important role in the daily trade of goods and services.”
During the Brexit transition period, the government largely copied key EU legislation into the UK statute book, in particular the landmark General Data Protection Regulation (GDPR) and the Law Enforcement Directive. , which governs the exchange of data in the police and law enforcement agencies.
Brexiters at Tory banks are pressuring Boris Johnson to ditch the “prescriptive and inflexible” GDPR. A task force set up by Downing Street to “seize the new opportunities of Brexit” said the GDPR should be replaced by UK data protection laws. The EU GDPR “overwhelms people with requests for consent and complexity that they cannot understand while unnecessarily restricting the use of data for valuable purposes,” it states. the report of the working group prepared by Iain Duncan Smith, Theresa Villiers, and George Freeman.
The group said consumers need stronger rights, while data must be “free[d] up ”to enable the UK to capitalize on artificial intelligence and data-driven healthcare. The prime minister promised to give his report “the detailed consideration it deserves” as he claimed that there was a “tangle of burdensome and restrictive regulations that has developed around our industries over the past half century.”
During the Brexit negotiations, analysts at the New Economics Foundation warned that the absence of an agreement on the data could cost UK businesses up to £ 1.6bn, either in compliance costs or higher prices for goods and services. Any company that shares data between the UK and the EU, via payroll or medical records, could be affected if Brussels decides to withdraw the adequacy.
Only 12 countries, including Canada, Switzerland and New Zealand, have positive EU adequacy decisions. The US was deemed partially adequate, but these decisions have been twice rejected by the European court of law, in rulings showing how fragile EU data sharing decisions can be. The two legal victories for privacy activist Max Schrems concluded that the EU-US agreements. Regarding the exchange of data, they did not protect EU citizens from spying by US intelligence agencies.
George is Digismak’s reported cum editor with 13 years of experience in Journalism