Another disaster could be added to this: since Great Britain is no longer in the European Union, there is no longer a legal basis for data exchange across the English Channel, so far, interim solutions have been put in place. So there may also be penalties for a large number of companies. “Almost every large company, but also medium-sized companies and startups in Germany and Europe shares data with locations on the island,” said Rebekka Weiß of Bitkom Digital Association to Handelsblatt.
In order to end the interim solutions period, the European Union Commission in the United Kingdom wants to ratify the highest data protection standards in the coming days, thus enabling the exchange of data without restrictions. So far, the European Union has granted this status to twelve countries around the world. The USA lost it in a ruling by the European Court of Justice (ECJ) because it did not want to protect user data from access by its secret services.
However, privacy advocates are skeptical of Britain’s claim. Because the British did not take data protection as seriously as other Europeans, they said. The British GCHQ shares its findings very freely with the US National Security Agency. Stefan Brink, the data protection officer in Baden-Württemberg, says the level of data protection set by the European Court of Justice will be undermined.
Today’s top jobs
Find the best jobs now and
You are notified by email.
“Even as a member state, Great Britain has had an informal approach to sensitive data,” says Moritz Corner, MP and party. “Britain has not changed its surveillance laws and it is not certain how London will change its data protection laws,” said Estelle Masse of the human rights organization Access Now.
However, European Union Commission Vice President Vera Yurova wants to certify that “appropriate” data protection applies in Great Britain. The country’s data protection laws and legal action options are examined to make such a decision. There is no problem with the laws. After all, Great Britain implemented the GDPR before Brexit – like all European Union countries. The prospects for legal action may be worse now, because users at least can no longer turn to the European Court of Justice if they see their rights being violated in Great Britain.
The situation is paradoxical: the European Union can verify the data security of its trading partners and issue data transfer conditions accordingly. However, it does not verify data security in member states as it is not responsible for that.
As a country in the European Union, Great Britain had to implement the General Data Protection Regulation. But there hasn’t been a real test of how much data is protected from access by secret services there. Now that Great Britain is no longer a member of the European Union, the European Union Commission will have effective means of enforcing a level of data protection there.
However, the pressure is immense not to take advantage of it. While negotiating a business deal, both sides tried not to further degrade the mood. Perhaps this is one of the reasons for excluding the topic of data flows. Since the diplomatic scandal surrounding the border between Northern Ireland and Ireland in January, Europeans have been very keen to create a good mood.
The privacy advocates in the European Union are unlikely to object
Even the EU’s data protection advocates are unlikely to object. “The data protection authorities are under huge pressure to support the decision on Great Britain not to make the business of banks and insurance companies disproportionately difficult,” says Brink, the data protection officer.
However, the European Court of Justice will not be so easily affected. He twice rescinded the decision to exchange data with the US: first “Safe Harbor” and then “Privacy Shield”. In order to protect users’ data, the European Court of Justice agreed that European companies now have to fear high fines.
The European Union Commission presented a difficult situation to the European Court of Justice. Because many European companies rely on data services from the USA. Often there are no European alternatives. If the committee takes the decision seriously, it will have to push for changes to the law in the United States or bar local companies from making significant applications.
Great Britain is also about a lot. “The UK is one of the most important locations for data processing, for example in the areas of logistics, customer relations and mobility, but also for cloud services, customer services and maintenance,” Bitkom says. The European Court of Justice could also review the decision on Great Britain if someone complained against it.
More: Is the time now for European cloud companies? Two opinions