Other Sectoral Issues
2.1. Judicial and Law Enforcement Cooperation
Judicial and Law Enforcement Cooperation between Ireland and the UK remains of primary importance including in the context of Northern Ireland. Measures, though less optimum than the current EU framework, will be put in place to ensure a viable extradition system with the UK, and to maintain the system of exchange of law enforcement data in a manner compatible with EU instruments on data protection.
Provisions on extradition included in the 2020 Brexit Omnibus Bill will provide a legislative basis for alternative extradition arrangements under the 1957 Council of Europe Convention on Extradition.
Solutions have been identified and will be put in place to ensure the necessary exchange of police information between Irish and UK law enforcement agencies within the framework of the EU Data Protection regime, in the event that the EU does not grant an adequacy decision to the UK on GDPR and the Law Enforcement Data Protection Directive. Such arrangements are important in the context of Cross Border police cooperation and maintaining the Common Travel Area.
In the absence of an agreement to the contrary, EU law will no longer apply to legal proceedings involving the UK once the current transition period comes to an end. Among the areas affected are commercial disputes and family law matters. While no fall-back solution can offer the precise degree of cover which is currently available under existing EU instruments, fall-back solutions have been identified in certain areas, including national law rules as they exist both in Ireland and in the UK and international Conventions to which both Ireland and the UK are a party. However, it has to be recognised that these are not always as effective or as comprehensive as the comparable EU instruments.
The European Commission has recently published a Notice to Stakeholders to apply in the field of civil justice and private international law after the end of the transition period. In particular, the Commission recommends “Stakeholders that intend to conclude contracts with a person or company in the United Kingdom or to launch proceedings in civil or commercial matters related to the United Kingdom or to enforce judgments in such matters should seek legal advice”.
5.2 Transfer of Personal Data
At the end of transition period the UK will no longer be bound by the European Union’s data protection legislation. Transfers of personal data to the UK can continue but they must comply with the rules and safeguards for transferring such data to non-EU countries as outlined in the EU General Data Protection Regulation (GDPR) or in the Law Enforcement Directive. The EU can adopt a unilateral ‘adequacy’ decision, on the basis of Article 45 of the GDPR, if it deems that the third country offers an adequate level of data protection. Such an assessment is being undertaken by the Commission of the UK at present. It is not known when this assessment will be completed. In the absence of a data adequacy decision, the rules governing the transfer of personal data to the United Kingdom, other than those governed by Article 71(1) of the Withdrawal Agreement, will change.
If your organisation shares personal data with organisations based in the UK (including Northern Ireland as the scope of the Protocol on Ireland and Northern Ireland does not include the EU GDPR Regulation), you must ensure that you comply with the relevant Union rules applicable to transfers of personal data to third countries. Furthermore, if your organisation uses Standard Contractual Clauses (SCCs) or other safeguards for data transfers to third countries, you should also assess the implications of the recent Schrems II judgement on data transfers, which puts an onus on organisations to ensure that these mechanisms offer an adequate level of protection.
Both the European Commission and the Irish Data Protection Commissioner (DPC) have issued advice on data protection issues arising as a result of Brexit and have provided guidance on the appropriate safeguards and derogations that can be put in place under the GDPR when the UK becomes a third country.
