Digital Commerce and Data Protection


Does the Trade & Cooperation Agreement cover digital trade?

The agreement includes provisions that are intended to facilitate digital commerce, addressing unjustified barriers, as well as ensuring an open, safe and trustworthy environment for businesses and consumers, while maintaining high standards of personal data protection. In addition, it expressly prohibits location requirements, while preserving the EU regulatory space regarding the protection of personal data (GDPR).

What happens to data protection from now on with the new Agreement?

A series of provisions as regards to data flow have been introduced in the Digital Commerce chapter of the Agreement. Thus, it is established that cross-border data flows will not be restricted with requirements for location, storage, processing, etc ... but also broad safeguards are guaranteed for the protection of personal data, provided there are "instruments" that allow transfers.

Finally, a review clause is introduced three years from the entry into force of the agreement, so as to incorporate the provisions that the Parties deem appropriate as the operation of the new agreement is observed.

How will the supervisory system be applied after the transitional period, with the new Trade and Cooperation Agreement?

Each of the Parties shall apply the supervision regimes established in their legislation.

The GDPR establishes a relatively complex supervisory system, based on the "one-stop-shop" mechanism".

Briefly, under this system when a data controller or processor has a number of establishments in the EU, the data processing is supervised in cooperation by all the supervisory authorities of the countries where there are establishments, under the direction and coordination of a "lead" supervisory authority, which is the supervisory authority of the Member State where the data controller or processor has its main establishment.

The same principle is applicable when the processing significantly affects persons in various Member States, whether or not the controller or processor has a number of establishments in the EU.

For its part, the UK has transposed the EU regulations into its domestic legislation, so for the time being it will apply similar supervision systems, although it now has regulatory scope to modify these provisions, so it will be necessary to monitor their performances.

Non official translation

< Brexit How to prepare Economic Operators