Data Gridlock Averted as U.K. Privacy Rules Set for EU Nod

Bookmark

Feb 19 2021, 6:33 PMFeb 19 2021, 7:55 PMFebruary 19 2021, 6:33 PMFebruary 19 2021, 7:55 PM

(Bloomberg) -- European Union regulators gave their blessing to data-sharing arrangements with the U.K., rescuing businesses from a potential gridlock when a post-Brexit stop-gap comes to an end.

The European Commission, the EU’s executive arm, said Friday it started the process of adopting a pair of so-called adequacy decisions endorsing U.K. privacy protections. The measures, which still need the approval of EU governments, would allow companies to continue shipping data between the U.K. and the now 27-nation bloc.

“We included clear and strict mechanisms in terms of both monitoring and review, suspension or withdrawal of such decisions, to address any problematic development of the U.K. system after the adequacy would be granted,” said European Commission Vice-President Vera Jourova.

The smooth transfer of personal data between the EU and the U.K. -- everything from bank details to your Uber bill -- is vital for business in the region. Although a stop-gap solution was put in place at the end of last year, Friday’s move will lift some pressure from thousands of companies that are already grappling with new paperwork to do business in each other’s markets.

‘Slower than Wished’

The U.K. urged the European Commission to finalize approval swiftly to provide certainty for companies and enable the work of law enforcement authorities. U.K. digital affairs minister Oliver Dowden said EU progress on this has been “slower than we would have wished.”

“The U.K. has a world-class data-protection system, currently the same as the European Union’s, so it is logical that the commission should find the U.K. ‘adequate,’” the U.K. government said in a statement.

The EU’s initial approval of data-sharing will last for four years with a review before extending it for another four years if U.K. data protection is deemed adequate. U.K. data-protection law largely mirrors EU rules at present.

The EU’s draft outlines conditions and limits, including “oversight mechanisms,” for how U.K. public authorities can access data for law enforcement and national security purposes.

Tougher Approach

EU data-protection regulators are adopting a much tougher approach to data transfers after a ruling by the bloc’s top court in July on trans-Atlantic data flows, known as the privacy shield. The judgment also raised the bar for data transfers to non-EU countries by demanding that data protection there must be “essentially equivalent” to that in the bloc.

Once the adequacy decision is adopted, activists will very likely file a legal complaint, arguing data transfers to the U.K. are illegal under EU law due to British surveillance legislation that is similar to the U.S., according to Patrick van Eecke, head of law firm Cooley’s data protection practice in Europe.

He added that the commission was likely buying time to allow policymakers a few years to come up with much more solid solutions should they be legally challenged.