Another disaster can be added to this: Since Great Britain is no longer in the EU, there is no legal basis for data exchange through the English Channel, until now temporary solutions have been in place. So here too there can be penalties for a large number of companies. “Almost every big company, but also medium-sized companies in Germany and Europe and exchange data with locations in the island,” Rebecca Wei told Handsblatt from the digital association Bitcom.
To end the period of the interim solution, the EU Commission UK wants to certify the highest data security standards in the coming days and thus enable data exchange without restrictions. So far, the European Union has granted this status to twelve countries worldwide. The USA lost it in a ruling by the European Court of Justice (ECJ) because they did not want to protect user data from accessing their secret services.
However, secrecy suspects that Britain has earned this status. Because the British have never taken data security seriously like other Europeans. “The British GCHQ has shared its findings with the American NSA very freely. The level of data security set by the ECJ will be reduced, ”says the data security officer of Baden-Württemberg, Stephen Brink.
Top employment of the day
Find the best jobs now
Be notified by email.
“Even as a member state, Great Britain had a contingent approach to sensitive data,” says FDP MEP Moritz Körner. And Estelle Massey of human rights organization Access Now says: “Britain has not changed its surveillance laws and it is uncertain how London will change its data protection laws.”
Nonetheless, Vera Jurova, vice-chairman of the European Union Commission, wants “substantial” data protection implemented in Great Britain. The country’s data protection laws and legal action options are examined for such a decision. There is no problem with the laws. Eventually, Great Britain, like all EU countries, implemented the General Data Protection Regulation before Brexit. Possibilities of taking legal action could be worse now, as at least users can no longer turn to the European Court of Justice in violation of their rights in Great Britain.
The situation is contradictory: the European Union can investigate the data security of its trading partners and issue conditions for data transfer accordingly. However, it does not investigate data security in its own member states because it is not responsible for it.
As a country of the European Union, Great Britain was to implement the General Data Protection Regulations. But there was no real test of how well the data is protected by secret services. Now that Great Britain is no longer a member of the European Union, the EU Commission will have effective means to enforce its level of data protection.
However, the pressure is too high not to use it. While negotiating the trade agreement, both sides tried not to spoil the mood in any way. Perhaps this is the reason why the subject of the data stream was omitted. Since the diplomatic scandal around the border between Northern Ireland and Ireland in January, Europeans have been very concerned about creating a good mood.
Advocates of EU secrecy are unlikely to object
Even data protectionists of the European Union have no objection. “There is a lot of pressure on data protection authorities to support the decision on Great Britain,” says data protection officer Brink.
However, the European Court of Justice will not be so easily affected. Twice he overturned the decision to exchange data with the USA: first “Safe Harbor”, then “Privacy Shield”. To protect users’ data, the ECJ acknowledged that European companies would now fear higher fines.
The European Union Commission presented the ECJ with a difficult situation. Because many European companies rely on USA data services. There is often no European option. If the commission takes the ruling seriously, it will have to push for changes in the law in the US or convince local companies to make important applications.
Great Britain also has a lot to offer. “The United Kingdom is one of the most important locations for data processing, for example in the areas of logistics, customer relations and mobility, but also for cloud services, customer and maintenance services.” The ECJ can also review the decision on Great Britain if anyone complains against it.
Excess: Is now the time for European cloud companies? Two opinions