Following on from a draft decision in February, the European Commission has now granted the UK access to EU data.

The commission has formally recognised that UK data protection rules are “adequate” and that personal data can therefore flow in both directions between the EU to the UK.

This removes one more difficulty for UK firms post BREXIT. However, the adequacy decision is limited to four years and will be reviewed at the end of that period.

What next?

Well maybe not very much! The EU withdrawal agreement was primarily about trade. Services, and particularly financial services, did not feature much in the negotiations. Commentators have long felt that the EU will eventually recognise UK financial services regulations as ‘equivalent’. And there is no reason why that would not be the case as clearly, up until the end of 2020, they absolutely were. It is believed that the EU would prefer the UK to continue to adopt EU regulations whereas the UK prefer ‘equivalence’ as it does not mean automatic adoption of all EU regulations in this area. There are indications that the UK might not even hold out for equivalence and simply go its own way.

Meantime, the UK and the EU have reached an agreement in a move that could pave the way for future market access rights for the UK following EU withdrawal. Technical discussions on the text of the agreement, known as a memorandum of understanding, have now been concluded.

Under the agreement, a Joint UK-EU Regulatory Forum will be established to facilitate dialogue between the two entities regarding financial services issues. In the absence of equivalence, the agreement will create a framework that will allow for voluntary regulatory cooperation between the UK and the EU.