The United Kingdom left the EU on 31 January 2020, and the Brexit transition period came to an end on 31 December 2020. Shortly before the transition period ended, the United Kindgom and the EU agreed the terms of a Trade and Co-operation Agreement (TCA). TCA a classic free trade agreement – tariff and quota-free trade in goods but little mutual recognition and very modest commitments on services. The real innovations come with the emphasis on preserving the so-called level playing field. EU laws no longer apply in the UK, though the UK has retained EU laws as at the end of the transition period, which have been adapted for the UK. Even with TCA in place, the future relationship between the UK and EU will remain a very fluid one. It applies also to the area of personal data protection.
 
The TCA includes a temporary solution to keep data flowing between the EU and the UK until a data adequacy decision for the UK that would allow for the ongoing free flow of data is reached. The deadline is effectively 30 June 2021. Personal data passed to the UK during this interim period ‘shall not be considered as a transfer to a third country’. Both sides have committed to upholding high levels of data protection standards and to ensure ‘cross-border data flows to facilitate trade in the digital economy’ without imposing limits on where data can be stored or processed.
 
The TCA commits both parties to upholding common high standards ensuring the protection of labour and social standards, environmental protection and tax transparency. The TCA builds new operational capabilities, taking account of the fact that the UK, as a non-EU member outside of the Schengen area, will not have the same facilities as before.
 
Although the TCA came into force on 1 January 2021, it should be adopted by the European Council and approved to by the European Parliament before it can be ratified and fully implemented. The TCA will also need to be approved by the UK Parliament. It will naturally take some time. Therefore, it is recommended that UK-based organizations which work with EU organizations should consider to implement cross-border data transfer arrangements to safeguard against any future interruption to the free flow of personal data between the EU and the UK.

About the Author

Back to list

Read also