The EU is poised to lift a threat to shut off the flow of vital security and business data because of Brexit, in a major boost for Boris Johnson.
“The adequacy talks with the UK are well advanced and the adoption process is foreseen to start very soon,” a European Commission spokesperson said.
The move will come as a major boost for the prime minister, as he fights off protests that his hard Brexit exit terms have shattered cross-Channel trade by drowning it in red tape.
The UK is also locked in a bitter row with the EU over the harsh impact of Irish Sea trade checks, with the threat that the Northern Ireland protocol will unravel.
Businesses – particularly in the health, insurance and technology sectors, which regularly transfer customer personal information such as bank details – will breathe a sigh of relief.
And the go-ahead will also help with law enforcement co-operation, which has been damaged by the UK losing access to the giant SIS II police database and the European Arrest Warrant system.
However, the arrangement will be re-examined every four years to check that UK rules do not endanger the privacy of EU citizens, according to a draft seen by the Financial Times.
A year ago, the European Parliament adopted a resolution stating the UK’s legal framework for data protection “does not currently meet the conditions for adequacy”.
It raised the alarm over the UK’s forwarding of personal data to other countries, the processing of information for immigration purposes and the retention of electronic telecommunications data.
But Vera Jourova, EU vice-president for values and transparency, struck a different note, saying the UK had a head start compared with other third countries with systems “rather distant” from the bloc’s.
“At the same time, we should ensure that any adequacy finding concerning the UK will be future-proof,” she told the FT.
“We will need to be very vigilant that such developments do not undermine the level of protection we would have found to be adequate.”
A draft decision would still need to be endorsed by the European Data Protection Board, member states and the College of Commissioners.
It must happen before 30 June 30, the expiry of a grace period agreed when the Brexit trade agreement was struck on Christmas Eve.
A go-ahead would still be open to legal challenges at the European Court of Justice, such as the one that struck down parts of the EU-US ‘Privacy Shield’ data transfer arrangements last year.