Well who saw that coming? Suddenly at about 10.30 on Thursday morning came the announcement that the UK Government and the EU have agreed a Brexit deal. It came as something of a surprise as public pronouncements from both sides of the negotiations had been suggesting a deal was increasingly unlikely. Maybe this was expectation management in action because out of the blue on Thursday morning was a revised Withdrawal Agreement. Importantly the Agreement was accompanied by a new version of the Political Declaration which outlines the direction of future UK/EU negotiations (more of this below).
Shortly after the announcement of a deal came the news that the Westminster Parliament had voted to sit on Saturday in order to ratify the Withdrawal Agreement that has been hammered out. With the Democratic Ulster Unionists and others refusing to support the agreement it is far from clear that the Agreement will win Parliamentary backing.
The Importance of Data Flows
The Political Declaration that sits alongside the draft Withdrawal Agreement is a statement of intent and is not legally binding on either the UK or the EU. Nevertheless, it is worthwhile pointing out that right up front in the Political Agreement is a section on Data Protection. The prominence of this section – second in the list of “Initial Provisions” – suggests a genuine wish to secure a basis for the transference of data between the UK and EU once the UK has exited. The opening paragraph of the section reads as follows:
In view of the importance of data flows and exchanges across the future relationship, the Parties [the UK and EU] are committed to ensuring a high level of personal data protection to facilitate such flows between them.
The Union’s data protection rules provide for a framework allowing the European Commission to recognise a third country’s data protection standards as providing an adequate level of protection, thereby facilitating transfers of personal data to that third country. On the basis of this framework, the European Commission will start the assessments with respect to the United Kingdom as soon as possible after the United Kingdom’s withdrawal, endeavouring to adopt decisions by the end of 2020…
Positive Data Protection News for Businesses
For businesses transferring data to or from EU Member States this is encouraging. It has always been clear that should the UK leave the EU it would become a “Third Country” for data protection purposes. Transfers of data to EU member states would have to meet an EU assessment of equivalent levels of data protection. We have seen several of counties struggle to achieve equivalence standards.
While the UK has written the provisions of GDPR into UK law it would appear, on the face of it, to be a formality to pass the European Commission’s assessment. Here, with the publication of the Political Declaration the EU’s intention to make the equivalence hurdle as easy as possible to negotiate has been signalled.
It is currently unclear if the Withdrawal Agreement will pass through Parliament but the crucial importance of efficient and secure data flows between the UK and Europe has been underlined by this week’s Political Declaration.
Please contact us if you have any queries or concerns about how Brexit will affect your business, or if you need help with your data protection. Call 01787 277742 or email firstname.lastname@example.org
Gareth Evans, 18th October, 2019