TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Europe Data Protection Digest | Notes from the IAPP Europe Managing Director, 16 Nov. 2018 Related reading: Australia and Chinese Taipei join APEC's Cross-Border Privacy Rules System

rss_feed
GDPR-Ready_300x250-Ad
PrivacyTraining_ad300x250.Promo1-01

Greetings from Brussels!

It has been two and a half years since the Brexit referendum — it seems like yesterday — and, a year later than expected, this week Tuesday the negotiations deadlock was finally broken after 17 arduous months of the relatively unknown: A draft withdrawal agreement was concluded between the U.K. and EU negotiating teams for the United Kingdom to leave the European Union 30 March 2019.

This Wednesday, following a marathon five-hour cabinet meeting with her ministers, the British prime minister announced she had full backing to move ahead with her Brexit plan. May announced outside 10 Downing Street: “The collective decision of cabinet was that the government should agree the draft withdrawal agreement and the outline political declaration.” However, relatively soon after, it was being reported that as many as 11 out of her 29 ministers opposed the draft deal. May, however, did acknowledge that there will be "difficult days ahead" and that she could face stronger resistance when she takes the text to the U.K. Parliament for approval next month.

Prior to that, an extraordinary EU summit is expected later this month — member states need to formally agree to the draft. And, following that, Theresa May faces the penultimate fight of her political life to get U.K. MPs to vote in favor of it. While that remains a very uncertain outcome, there are other steps required for full ratification of any final deal (if approved by the U.K. Parliament), namely an EU withdrawal agreement bill introduced and approved by the European Parliament by a simple majority. And the final hurdle in the process is the EU Council rubber stamping the deal with a minimum of 20 countries representing at least 65 percent of the EU population approving the deal.

There is still much debate and work to be done both on the U.K. and EU side for the tabled agreement to see the light of day.

So, what was agreed? The withdrawal agreement covers so-called "divorce" issues (too many to cite), as well as a nonbinding political statement setting out what the two sides want for future relations. While low on detail, the declaration commits to an ambitious free trade agreement covering areas such as financial services, continued free flow of data, and other elements such as EU defense considerations, and security policies. The withdrawal agreement itself includes a planned 21-month transition period after the U.K. leaves the EU in March 2019, whereby EU rules would remain in place, effectively keeping the U.K. in the single market and Customs Union until at least the beginning of 2021; this period is geared toward facilitating business sectors in their planning. The transition timeline can also be extended by common agreement.

In what concerns data protection, there are provisions on the use of data and information exchanged before the end of the transition period. The withdrawal agreement provides that, after the end of the transition period, the U.K. has to continue applying EU data protection rules to personal data, until the EU has established, by way of a formal adequacy decision, that the personal data protection regime of the U.K. provides data protection safeguards that are "essentially equivalent" to those in the EU.

The formal adequacy decision by the EU has to be preceded by an assessment of the data protection regime applicable in the U.K. In the case where the adequacy decision were annulled or repealed, EU personal data received will remain subject to the same "essentially equivalent" standard of protection directly under the agreement — see agreement Articles 70 through 74, which directly address the areas of data protection and security.

In short, the GDPR, which was incorporated (and then some) into the revised U.K. Data Protection Act, would remain the governing data protection legislation in the U.K. for the foreseeable future under the agreement.

However, come Thursday morning, we saw some U.K. ministerial resignations, including the Northern Ireland, Brexit, and Work and Pensions ministers. Simply put, cabinet members found it impossible to support the terms of the agreement, including the proposed solutions to the Irish border where the EU would essentially have an indefinite veto to prevent the U.K. exiting such an arrangement.

All said, clearly, Theresa May has a very difficult time ahead, and the final outcome — for an eventual deal — is anyone’s guess, given the lightning pace of political developments.

Comments

If you want to comment on this post, you need to login.