Immigration:

• Although the transition period has ended, EU Citizens will be able to enter the UK just using their passports until the end of September 2021.
• Now the transition period has finished, the Frontier Worker system offers EU Citizens who have already been travelling to the UK for work and who have not qualified under the Settled Status Scheme the only route, with a couple of limited exceptions, into the UK outside the Immigration Rules which apply to all migrants. The Scheme has only just started and the designated App to streamline the process will not launch until 22 January 2021. Frontier Workers will require the permit to come to the UK for work from 1 July 2021.
• UK Citizens entering the EU are now categorised as third country nationals. While they can enter just showing their passports with current COVID restrictions, they are required to meet stricter requirements showing they have a good reason for entering the country and have a negative COVID-19 test which was not the case until 1 January 2021. Please click here for more information.

 

Employment Law:

• Under the original European Union (Withdrawal) Act 2018 all UK employment law which originated from an EU directive — for example, the Working Time Regulations 1998 — continued in force and, during the transition period (which ended on 31 December 2020) continued to be subject to decisions of the European Court.
• There were some necessary technical changes. The only one of practical significance is that European Works Councils cannot now be based in the UK and will have to be transferred to the jurisdiction of an EU member state.
• In accordance with normal principles, these laws will continue in force unless and until changed by Parliament. Future decisions of the European Court on EU-derived laws will not however be binding on the UK but UK courts may “have regard” to them.
• Under the recently agreed Trade and Cooperation Agreement, the UK and EU have agreed in relation to existing employment law a principle of “non-regression” — no changes if to do so would affect trade or investment. This would therefore not prevent the UK from repealing EU derived laws so long as, in doing so, it did not give the UK an unfair competitive advantage in trade/investment.
• It is also agreed that, in terms of future developments in employment law, if the UK does not keep pace with EU legislation and so produces a divergence in employment standards which affects trade then that may trigger “rebalancing provisions” — in practice increased tariffs.
• In summary, therefore, if the UK
  • repeals or materially changes existing EU-derived law and/or
  • fails to keep up with EU legislation

such that trade/investment is adversely affected then the EU’s sanction is to impose tariffs on trade. This is subject to an arbitration process in the event of a dispute. The European court, however, has no further meaningful role so far as the UK is concerned.

 

Social Security Coordination:

• Individuals who were on secondment between the UK and EEA Members States prior to 1 January 2021 should be covered by the European Union (Withdrawal Agreement) Act 2020 (WA). Provided that these individuals exercised their Freedom of Movement rights before 31 December 2020 and have the ‘right to reside’ in a Member State, they should continue to have ‘grandfathered’ rights under the existing EU social security agreement (EU Regulation 883/2004). What this means is that these individuals may apply for an extension of their existing certificate A1 under those rules provided there is no interruption to their status.
• Individuals who move from the UK to an EU Member State or vice versa on or after 1 January 2021 will be subject to the new Protocol on Social Security Coordination (Protocol), set out in the recent Trade and Cooperation Agreement.
• The Protocol is not as extensive as EU Regulation 883/2004 (EU Regulations). Some benefits are retained such as aggregated pension rights and healthcare benefits but some are reduced or no longer covered such as child benefit.
• The provisions on workers’ coverage are similar to the EU Regulations. Employees and the self-employed moving between states will only be subject to the legislation of one Member State. The default position is that contributions are due in the state where work is performed but there are similar provisions for posted workers (postings of up to 24 months) and multistate workers that apply under the old EU Regulations. The key difference between the Protocol and the EU Regulations is that there is no provision to allow extension of coverage to up to five years by mutual agreement that was available under Article 16 of EU Regulations. This would allow continued home country coverage where it was in the best interest of an employee be exempt from paying contributions in the host location.
• EU Member States are required to opt-in to the social security rules covered in the Protocol by 31 January 2021. At the moment, four countries have opted in: Austria, Hungary, Portugal and Sweden. Where countries opt-out, UK workers posted to a host state will be subject to the legislation of that state for the duration of the posting. This may result into higher social rates and additional costs for employers as well as increase in the associated administrative burden.
• EU Regulation 883/2004 coverage includes: EEA Member States Iceland, Liechtenstein, Norway and Switzerland. The countries are not part of the Protocol and moves involving these countries are covered by the provisions in the existing bilateral arrangements between the UK and these countries. Currently, the UK and Lichtenstein have not entered into a bilateral agreement, which means that the domestic laws of both countries apply including the UK rules of 52-week continuing liability or exemption.
• Employers will be required to register as an employer and account for any employer and employee social security contributions that are due under the laws of the UK or EU member state, even where they have no place of business in the jurisdiction where the employee works. This is particularly relevant for employers of international remote workers where significant employer costs may arise.
• We expect the practical administration of the new protocol to be similar to that under the previous EU Regulations but await HMRC’s and EU member state guidance in due course.
• Any existing European Health Insurance Card continues to be valid until it expires. Once it expires it will not be possible to extend but instead a Global Health Insurance Card (GHIC) should be obtained. The GHIC does not cover trips to Iceland, Liechtenstein, Norway and Switzerland.

 

Data Protection & Privacy:

International Data Transfers 

• Bridging Mechanism: Until 1 May 2021, data transferred from EEA to UK will not be treated as an export to a third country. If no adequacy decision has been made by this date, then the stay of execution can be extended by two months, unless a party objects.
  • This bridging mechanism is conditional upon the UK not amending its Data Protection legislation, apart from aligning rules to reflect updates in the EU. An example of this would be (1) the ability of the UK to adopt new Standard Contractual Clauses (SCCs) when formalised by the EC and (2) addressing the need for reapproved BCRs in order to adjust requirements to meet both EEA & UK requirements.
• Transfers from the UK to the EU: these may continue under the UK GDPR.
• Transfers from the UK to 3rd countries: this will remain the same. Those countries that had been deemed “adequate” by the EC will continue to be “adequate” under the UK GDPR.
• SCCs: The ICO have reinforced that SCCs continue to be a valid mechanism for both existing and new transfers of personal data. Changes can be made so that the EU SCCs make sense in a UK context. However, post Schrems 2, SCCs remain valid only where they (together with appropriate additional measures) provide for “essentially equivalent” protection as in the EU. The EDPB have published guidance as to what these additional protections may be, and the ICO plan on following suit. Additionally, the EC are consulting on new SCCs, expected to be formally issued at some point in 2021: these will not automatically take effect in the UK. The ICO will be publishing its own update.
• No absolute data localisation measures: cross border data flows will not be restricted by implementing data localisation requirements e.g., requiring or prohibiting data storage or processing within either territory.

‘Local’ representatives

• UK representative: If an organisation based in the EU does not have a branch, office or establishment in the UK but offers goods/services to individuals in the UK or monitors the behaviour of individuals in the UK, then a UK representative may need to be appointed for the purposes of dealing with SAs and data subjects. Some exceptions apply.
• EU representative: If an organisation based in the UK does not have a branch, office or establishment in the EEA but offers goods/services to individuals in the EEA or monitors the behaviour of individuals in the EEA, then an EU representative may need to be appointed for the purposes of dealing with SAs and data subjects. Some exceptions apply.

Regulatory oversight of cross border processing

• One-Stop-Shop in which the ICO is appointed as the lead SA has ended.
• An organisation may be accountable to the ICO and other SAs depending upon activities.

Updating documentation and accountability measures

• Privacy notices should be reviewed for (1) references to ‘GDPR’, (2) international transfer updates and (3) local contact details/local representative details, if required.
• DPOs: DPOs can continue to cover both the EU/UK but must be ‘easily accessible from each establishment’.
• Organisations should know when data was processed in order to identify the applicable regulatory framework.
• DPIAs: processing is no longer ‘cross-border’ if the UK is included, so review for restricted transfers.
• General documentation: terminology may require updating, including references to ‘UK GDPR’ and/or ‘EU/GDPR’, as well as international transfers.

For further information or if you have any queries relating to the content of this communication, please contact us.

CELIA Alliance
CELIA Alliance members are identified here. Members of the CELIA Alliance are each independent law firms and do not practice law jointly with any other member of the CELIA Alliance. “CELIA Alliance” and “CELIA” are not trading names. For more information about the CELIA Alliance click here.

Disclaimer
Content is for general information purposes only. The information provided is not intended to be comprehensive and it does not constitute or contain legal or other advice. If you require assistance in relation to any issue please seek specific advice relevant to your particular circumstances. In particular, no responsibility shall be accepted by the authors or by Abbiss Cadres LLP for any losses occasioned by reliance on any content appearing on or accessible from this newsletter. For further legal information click here.

Circular 230 disclosure
To ensure compliance with requirements imposed by the IRS and other taxing authorities, we inform you that any tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties that may be imposed on any taxpayer or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein.

Copying
If you would like to copy or otherwise reproduce this article then you may do so provided that: (1) any such copy or reproduction is for your own personal use or if it is made available to any third party it is done so on a free of charge basis; and (2) the article is reproduced in full together with the contact details, disclaimer and any logos as they appear on each article.