April 2, 2023

Volume XIII, Number 92


March 31, 2023

Subscribe to Latest Legal News and Analysis

March 30, 2023

Subscribe to Latest Legal News and Analysis

Why Data May Prove One of The Hardest Parts of Brexit [Podcast]

Personal data and its transfer over international boundaries hit the news in July 2020, yet again, as the Court of Justice of the EU (CJEU) handed down the Schrems II decision on data transfers reaffirming its strong backing for data protection rights.  In October, a CJEU ruling on UK (as well as French and Belgian) government surveillance regimes further shaped how policy-makers need to evaluate data protection arrangements.  Now Brexit is on the horizon and the international transfer issues surrounding the UK’s exit are becoming a pressing concern for many organisations.

But it remains unclear whether personal data transfers from the EEA to the UK will be able to continue as seamlessly as now post the Brexit transition period without additional measures. Unless the European Commission passes an “adequacy decision” in relation to the UK before 31 December 2020 (or some other form of agreement is reached), then EU/EEA organisations that transfer personal data to UK organisations (or allow them to access the data) will breach the GDPR unless they put additional alternative measures in place to govern those transfers, or a derogation applies. The Commission’s freedom of manoeuvre is constrained by the two CJEU rulings earlier this year.

For any organisation doing business across the Brexit border, there may be significant work to be done to ensure that those data transfers can continue without breaching the GDPR, such as putting EU Standard Contractual Clauses (SCCs) or Binding Corporate Rules into place.

I was recently joined by Neil Ross, Policy Manager for Digital Economy at techUK and Rosa Barcelo, co-chair of our global Data Privacy & Cybersecurity Practice and former Deputy Head of Unit of the Cybersecurity and Digital Privacy Unit of DG CONNECT in the European Commission to explore these issues on our Now & Next podcast.

© Copyright 2023 Squire Patton Boggs (US) LLPNational Law Review, Volume X, Number 301

About this Author

Matthew Kirk International Affairs Adviser Squire Patton Boggs London, UK
International Affairs Adviser

Matthew Kirk is an international affairs advisor in our Public Policy International Practice. He provides strategic advice concerning business, politics and international law from the firm’s London office. He also advises clients on regulatory risk, market entry, cyber risk and reputation risk.

A career diplomat, he served as the UK’s Ambassador to Finland from 2002 to 2006. Most recently, he served as external affairs director at Vodafone.

Ambassador Kirk is a highly experienced international risk strategist and negotiator of complex multinational issues. Additionally, he...

44 207-655-1389
Rosa Barcelo Data Privacy & Cybersecurity Attorney Squire Patton Boggs Brussels, Belgium

Rosa Barcelo co-chairs the firm’s global Data Privacy & Cybersecurity Practice. She counsels clients on data protection and privacy, including compliance with the GDPR and the ePrivacy Directive. Her expertise includes advising organizations on structuring international data transfers, BCRs, completing Data Protection Impact Assessments, drafting data processor agreements and carrying out lead authority assessments. Rosa’s practice has particular focus on cutting-edge ICT issues, including AI, machine learning, autonomous vehicles, programmatic advertising and online tracking...

+322 627 1107