Even with the end of 2020 agreed trade and cooperation agreement between the EU and Great Britain, the cow is responsible for the transfer of personal data between companies on both sides of the English Channel not from the ice yet. The agreement only provides for an additional four-month transition period for data transfers since the New Year, which can be extended to six months.

Facilitate digital trade Since the turn of the year, the United Kingdom has been a third country within the meaning of the General Data Protection Regulation (GDPR). Initially there was a grace period up to 31. December 2020 applies. Without the agreement, a transfer of personal data to the British island would only have been permitted under the strict requirements of the article 44 following GDPR. In view of the diverse existing supply chains and interwoven business processes, this would inevitably have led to great legal uncertainties and possibly ongoing data protection violations.

The in German 1390 According to the EU Commission, a strong contract generally aims to “facilitate digital trade by removing unjustified obstacles and ensuring an open, secure and trustworthy online environment for companies and consumers” as well as high standards for the protection of personal data should be. There should be no rules for the local storage of information, the “political leeway of the EU with regard to data protection” remains.

British standards should correspond to those of the EU On the EU side, a long-term solution for the private-sector data flow requires an official certificate that the British standards essentially correspond to those of the Union, which are set out in the GDPR and the parallel police and judicial policy. According to the government institution in Brussels, Great Britain has to comply with “specific additional” requirements in this area, which result from the opinions of the European Court of Justice for the UK. As soon as she was satisfied with the information received, she would start the adoption procedure immediately. The European Data Protection Board (EDPB) and the Member States would have to give their place for this. The bridging solution should guarantee “stability and continuity” until then Kugelmann. “Serious difficulties for the companies concerned are avoided initially. But the companies should not run out of breath. It is important to prepare for an end of the transition period in order to adjust business processes if necessary.”

Six out of ten companies transfer data to Great Britain The Commission sees the inspector as obliged to “present viable adequacy decisions in a timely manner”, which also take into account current ECJ case law . Even if companies can hope for such a decision, they should not rely on it. British Prime Minister Boris Johnson repeatedly stressed that with Brexit, his government would pursue a line “detached and independent” from the EU in terms of data protection. A comparable level in this field could then possibly no longer be spoken of.

The work has not yet been done, warned the IT umbrella organization DigitalEurope. The EU must quickly take an adequacy decision. A recent relevant study shows that six out of ten European companies transfer data between the EU and Great Britain.

No access to the Schengen information system Ensuring the security of EU and UK citizens from common and evolving threats such as cross-border crime, cybercrime and terrorism remains a shared priority, the Brussels Executive added. This requires “effective and fast collaboration, the exchange of data and analyzes”. Any cooperation with a third country must go hand in hand with “solid and permanent guarantees for the protection of human rights and fundamental freedoms of the individual, including data protection”.

Direct access to the Schengen Information System (SIS) the British no longer. According to the Commission, however, the agreement contains “ambitious provisions for a timely, effective and efficient exchange” and protection of passenger data (PNR). The prerequisite for this is that London recognize the relevant EU laws and comply with the requirements of the ECJ ruling on the PNR agreement between the EU and Canada, which has been suspended for the time being.

Access to national databases According to the tome, the same applies to the rapid mutual exchange of DNA, fingerprint and vehicle registration data. Here, Great Britain is the first third country to be treated like the signatory countries of the 1390 concluded Prüm Treaty from the EU, as long as it maintains comparable standards of protection. Access to national databases takes place in this context in a graduated procedure on the basis of specific hits for search queries. If this is unsuccessful, cooperation in this sector can be suspended or terminated, for example in the event of a serious breach of obligations under the Agreement.

(tiw)