Security Experts:

Brussels Okays EU-UK Personal Data Flows

The European Commission lifted the threat of crucial data flows between Europe and Britain being blocked in a move that would have crippled business activity as it said Friday that privacy safeguards in the UK met European standards.

In a key post-Brexit decision, the EU executive said that British authorities had sufficient measures in place to protect European users' personal data, freeing up data transfers for businesses as well as for police.

The adequacy decision, to be formally adopted by the 27 member states, would ensure that data protection will "never be compromised when personal data travel across the Channel," said EU Justice Commissioner Didier Reynders.

Businesses will breath a sigh of relief at the decision, with more and more companies relying on cross-border cloud computing and other technology to function everyday.

This was made especially clear during the Covid-19 pandemic as companies, schools and governments increasingly went online, counting on big tech's networks to operate.

A negative decision would have blocked the transfer of data from EU-based companies to the UK, crippling activity.

- Sensitive issue -

Britain is seeking similar adequacy decisions for its financial services, but this is proving far more contentious, with Brussels giving no clear indication of when a decision will be made.

The EU currently has data adequacy agreements with 12 countries, including Japan, Switzerland and Canada and negotiations are underway with South Korea.

Once approved, personal data transferring through Britain will be treated as if it was moving within the EU.

Oliver Dowden, Britain's Secretary of State for Digital, said he welcomed the move "although the EU’s progress in this area has been slower than we would have wished."   

"I am glad we have now reached this significant milestone following months of constructive talks in which we have set out our robust data protection framework," he added.

The security of personal data has become a sensitive issue, with the EU's top court having struck down a similar arrangement between the EU and United States.

The European Court of Justice has decided on several occasions that national security laws in the United States are in violation of European privacy standards making the deal illegal.

For the UK, the commission assessed that country's Investigatory Powers Act of 2016 which contains extensive powers including the ability to carry out bulk data surveillance. 

The EU, however, found those powers were satisfactorily controlled by UK law and Britain's adherence to the European Convention of Human Rights.

The Business Software Alliance, a lobby group for big tech companies including Microsoft, Oracle and IBM said it was "delighted" by the decision. 

"This will provide long-term confidence that data will continue to flow between the two partners post-Brexit," said BSA's Thomas Boue, policy chief for Europe.

Max Schrems, an Austrian lawyer and activist who led the fight against the EU's data arrangements with the US, tweeted that there were issues with the UK proposal on security that will require "deep analysis". 

view counter