UK treaty with EU: This agreement will allow an extended period for personal data flows.
The UK government has recently announced a treaty with the EU, which essentially allows for an extension in the transitionary period, allowing free personal data flows.
Last month, we reported on the impending termination of the transitionary period and the need for UK businesses to ensure compliance to data protection law by December 31st 2020. Since then, the UK government has announced a treaty with the EU allowing for personal data to flow freely from the EU (and EEA) to the UK, including law enforcement agencies. This arrangement will stand until adequacy decisions take effect, for a period no longer than six months.
The UK government announces the new treaty, which allows free cross-border flow of information between the UK, and the EU and EEA.
The announcement made by the UK government, provides in depth details on what this would mean for digital trade. The agreement is meant to ensure that the UK and the EU will collaborate on digital trade issues in future, including emerging technologies. The agreement will prohibit requirements to store or process data in a specific location, allowing for free cross-border flow of information. This is the first time that the EU has made provisions for data in a free trade agreement. This agreement is expected to promote trust in the digital economy, and prevent the imposition of costly requirements for UK businesses.
This UK treaty with the EU also features a totally new provision, inspired by recent WTO discussions, allowing open government data. This encourages governments to make available non personal and anonymised data, in easily accessible and machine readable formats. It also guarantees that neither the UK nor the EU will discriminate against electronic signatures or electronic documents, solely on the basis that they are in digital form, ensuring that contracts
can be completed digitally, with very few exceptions.
The agreement is expected to provide greater consumer protection, as it contains special exceptions to preserve policy space for the UK or the EU to protect online users. It includes online consumer protection and anti-spam provisions. This agreement also goes on to guarantee against the forced transfer of source code, ensuring companies, and valuable intellectual property are protected.
The ICO has released a statement advising UK businesses and organisations to arrange alternative transfer mechanisms.
The ICO has released an updated statement, urging businesses and organisations who transfer data to EU and EEA organisations to put alternative transfer mechanisms in place, during this period, to safeguard against an interruption in their data flow. Information Commissioner, Elizabeth Denham said in this recent statement “This means that organisations can be confident in the free flow of personal data from 1 January, without having to make any changes to their data protection practices.” The ICO is expected to release an additional statement updating the ICO guidance on their website to reflect the extended provisions and ensure businesses know what happens next.
Do you make international data transfers to third countries? We can help you. Aphaia provides both GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, transfer impact assessments and Data Protection Officer outsourcing. Contact us today.
- Call for a ban on facial recognition: EDPB and EDPS release a joint statement - June 24, 2021
- The ICO has fined three companies for nuisance marketing - June 22, 2021
- Amazon faces possible fines for alleged GDPR violations - June 17, 2021