The European Commission is expected to allow data to continue to travel into the UK from EU territories in the aftermath of Brexit.
As per a draft document reviewed by the Financial Times, Brussels has decided it is satisfied that UK data handling policies provide a sufficient level of protection.
The decision to grant data adequacy is expected to be confirmed later this week, but could be subject to appeals at the European Court of Justice and will also be reviewed every four years to ensure standards remain high.
The UK has already said it will permit data transfer to the EU. However, for full continuity to be achieved, the EU must put all necessary measures in place by the time temporary measures expire on June 30.
Post-Brexit data transfer
Diplomatic relations between the UK and EU have suffered a hit since the Brexit transition period came to an end on December 31 2020, but the pair appear to be in accord on the importance of preserving the free flow of information.
The decision will produce a collective sigh of relief among both EU and UK businesses, for whom the free flow of data is vital to efficient operation. This is particularly the case for companies operating in sectors such as finance and insurance, which handle vast quantities of sensitive customer data.
Ratification of the decision will also allow for intelligence data to pass between EU and UK bodies with the goal of preventing or investigating serious crime.
Some experts have warned against premature celebration, however, with a breakdown in the proposal remaining a distinct possibility.
“We would advise organisations not to become complacent as this stay of execution could be short lived,” Mark Keddie, Global Director of Privacy at Veritas Technologies, told TechRadar Pro.
“As with previous similar agreements, most recently the EU–US Privacy Shield and its predecessor Safe Harbor before, there is a distinct possibility that a privacy NGO will in the near future bring a legal challenge in the European Court seeking to invalidate any UK data adequacy finding.”
According to Keddie, all businesses can do to prepare for potential disruptions is to focus on establishing robust data privacy controls and solid data hygiene practices.