Even as the trade and cooperation agreement between the European Union and Great Britain has been agreed in late 2020, the cow is still not far from the ice when it transfers personal data between companies on both sides of the English Channel Comes to The agreement only provides for a transition period of another four months for data transfer since the new year, which can be extended for half a year.
Digital commerce facilities
Since the turn of the year, the United Kingdom has been a third country within the meaning of the General Data Protection Regulation (GDPR). Initially, there was a grace period until December 31, 2020. Without agreement, the transfer of personal data to the British Isles would have been permitted only under the strict conditions of Article 44 of the GDPR. Given the diverse existing supply chains and interwoven business processes, this inevitably led to great legal uncertainties and possibly ongoing data security violations.
According to the European Union Commission, the 1390-page German contract is designed to “remove illegal barriers and create an open, secure and reliable online environment for companies and consumers” as well as high standards for the protection of personal data. Aims to facilitate digital business. Data must be guaranteed. There should be no rules for local storage of information, “the EU’s political path regarding data protection” remains.
British standards must conform to the European Union
On behalf of the European Union, a long-term solution to private trade data flows requires official certifications that the UK standards are broadly set in the GDPR and parallel police and judiciary directives. According to the Brussels governmental institution, Great Britain should also comply with “specific additional” requirements in this area, which results from the European Court of Justice.
According to its own statements, the Commission has been “intensifying” its relevant adequacy decisions for the United Kingdom since March. As soon as she was satisfied with the information received, she would immediately start the adoption process. The European Data Protection Board (EDPB) and member states have to give their space for this. Until then the bridging solution should guarantee “stability and continuity”.
“Some time ago the finish line of Brexit made it work to obtain data transfers in the United Kingdom,” said Dieter Kugelman, a Rhineland-Palatinate data protection officer. “Serious difficulties for the affected companies are avoided at the outset. But companies should not give up. It is important to prepare for the end of the transition period to accommodate business processes if necessary.”
Six out of ten companies transfer data to the UK
The Commission sees the duty of the inspector to “present feasible adequacy decisions in a timely manner”, which also takes into account current ECG legislation. Even though companies can expect such a decision, they should not rely on it. British Prime Minister Boris Johnson repeatedly insisted that with Brexit, his government would pursue a “separate and independent” line of data protection from the European Union. Then there could possibly be no question of comparative level in this area.
Work has not been done yet, warned IT umbrella organization DigitalEurope. The European Union must decide adequacy quickly. A recent relevant study suggests that six out of ten European companies transfer data between the European Union and Great Britain.
No access to Schengen information system
The Brussels executive said ensuring the protection of EU and UK citizens from common and evolving threats such as cross-border crime, cyber crime and terrorism is a shared priority. This requires “effective and rapid collaboration, data exchange and analysis”. Any cooperation with a third country should go hand in hand with “solid and permanent guarantees for the protection of human rights and the basic freedom of the individual, including the protection of data.”
The British no longer have direct access to the Schengen Information System (SIS). According to the commission, the agreement includes “ambitious provisions for timely, effective and efficient exchange” and protection of passenger data (PNR). The stipulation for this is that London recognizes the relevant EU laws and follows the ECJ’s decision on the PNR agreement between the European Union and Canada, which is currently suspended.
Access to national database
According to Thumke, the same applies to rapid interchange of DNA, fingerprints, and vehicle registration data. Here, Great Britain is the first third country to be treated in the same manner as the EU signatory to the Prum Treaty concluded in 2005, as long as it maintains comparative security standards. In this context, access to national databases in the graduation process is based on specific hits for search queries.
Potential disputes about criminal prosecution and the protection of fundamental rights in the field of justice should initially be resolved through a special arbitration process. If this is unsuccessful, cooperation in this area may be suspended or terminated, for example in the event of a serious breach of obligations under the agreement.