Amongst all the political stories of the last few days, perhaps it's not surprising that one story seems to have got missed!

It's quite a big one for those involved in movement of data as the European Commission now believes it has the deal it needs with the US around legitimising transfers of data between the two jurisdictions.

Key changes have been made to address concerns raised as the last version of the Privacy Shield made its way around the various reviewers/approvers.  These focus on:

  • commitments around when/how bulk collections of data by US organisations can take place
  • greater data retention rules
  • independence of US ombudsman (to whom EU residents can complain if they believe/feel their data rights are being impacted in the US).

After concerns were raised on similar grounds in relation to the EU Model Contract Clauses last month (http://mediatech.footanstey.com/post/102deqx/tying-ourselves-in-knots-with-data-flows) it will be interesting to see if these concessions by the US are similarly adopted in revised versions of the clauses.

Aha, but what about Brexit? 

Well, chances are data rules will need to map very closely to EU rules if we want to continue to have access to the common market.  Failure to do so might then lead to EU bodies assessing the adequacy of the UK rules and whether we satisfy its requirements for protection.  

As the Information Commissioner notes, given the volume of trade we do with our neighbours, the General Data Protection Regulation will, most likely, continue its path into UK law over the next 2 years.