2 min

The European Union has agreed that the standards used by the UK for the protection of personal data are sufficient to allow information to flow between the bloc and its former member. The news was announced by the European Commission on Monday.

The EU executive implemented two ‘adequacy’ decisions that include safeguards like the automatic expiry of the data after four years. This is the first time that a sunset clause like this is being used by the EU.

The decisions made are related to the EU’s General Data Protection Regulation (GDPR) and a directive on the processing of data connected to crimes, particularly for witnesses, victims, and suspects.

The framework

The decisions affect British businesses that rely on international data flows or operate within the EU and need to access customer data.

They also offer guarantees for the flow of data for police and prosecutors investigating crimes across borders.

The adequacy decisions will be renewed if British rules are in line with the bloc’s requirements. The Commission could also intervene in the four years if Britain is found to deviate from the current protection frameworks.

Brexit aftershocks

The decisions had a June 30 deadline, to smoothen the transition at the end of the six-month grace period during which flows were still allowed after Britain left the EU.

EU member states supported the Commission’s proposal earlier this month. The bloc has, in the past, deemed data standards set by other countries as adequate. Some of those countries include Switzerland, New Zealand, Israel, Argentina, and Japan.

In recent times, the bloc has been making moves to position itself as a technological power. It has also taken a somewhat tough stance against big tech and data privacy violations.