|
After Brexit, the UK will have prove to Brussels it provides adequate privacy protections for EU citizens in order to allow British companies to keep transferring vast volumes of personal data across Europe.
EU and British officials have privately said an “adequacy” decision could be completed in months after Brexit as the UK would be fully compliant with the EU’s privacy framework, known as the General Data Protection Regulation.
But Giovanni Buttarelli, Europe’s data protection supervisor, warned negotiations could drag on for years as EU authorities would have to scrutinise how British spying agencies and the government handled the personal data of citizens and whether the UK met Europe’s robust standards on surveillance.
“Adequacy could take years. We will have to assess law enforcement bodies,” said Mr Buttarelli. “Adequacy findings take a lot of work even if [the UK] is fully compliant with the GDPR”.
“A divorce is a divorce, so you need time before re-establishing certain relationships. Once you are out, it is all more complicated” he said.
The UK’s EU membership has allowed companies with servers in Britain to freely transfer personal data such as emails and pictures to anywhere in the bloc. An adequacy deal would allow UK companies to continue as before and not have to resort to complex bilateral agreements. Not having a deal would affect the health, insurance and tech sectors, among others, which regularly transfer personal data across Europe.
The data protection supervisor said the UK would also have to get in a queue behind other third countries, such as Mexico, South Korea and India, who have all shown interest in striking data flows deal with the EU. [...]
Full article on Financial Times (subscription required)