EU gives provisional thumbs-up to UK privacy regime

Written by Sam Trendall on 22 February 2021 in News
News

Country receives draft adequacy decision

Credit: Adobe Stock

The EU has given the provisional green light to the UK’s privacy regime, meaning business, government and law-enforcement data should soon be allowed to travel unfettered across the English Channel and beyond.

Now the UK has left the bloc, it requires the granting of ‘adequacy’ status to ensure that, in the long term, data can continue to be transferred between organisations in the EU and those in this country. 

This requires the European Commission to rule that a country’s data-protection and privacy regulations are compatible with EU law and procedures. Nations that have previously been granted adequacy status include Argentina, Uruguay, Canada, Switzerland, Israel, Japan, and New Zealand.

The EC has now granted two ‘draft’ adequacy statuses to the UK: one for the General Data Protection Regulation; and the other for EU’s Law Enforcement Directive.

The decisions of the commission will now be put to the European Data Protection board which will, in turn, make a non-binding recommendation. This will then be put forward for formal approval by the remaining 27 member states.


Related content


Didier Reynders, commissioner for justice, said: “A flow of secure data between the EU and the UK is crucial to maintain close trade ties and cooperate effectively in the fight against crime. Today we launch the process to achieve that. We have thoroughly checked the privacy system that applies in the UK after it has left the EU. Now European data protection authorities will thoroughly examine the draft texts. EU citizens' fundamental right to data protection must never be compromised when personal data travel across the Channel. The adequacy decisions, once adopted, would ensure just that.”

The government said that it provided the EC with the relevant material for assessment “in a timely manner” in March 2020 and that the lack of an adequacy decision in time for the UK’s ultimate departure from the EU is because “the commission did not finalise draft decisions in time”.

“The UK government now urges the EU to swiftly complete this technical process for adopting and formalising these adequacy decisions as early as possible,” it added.

In the meantime, data flows between the UK and the EU are covered by a “bridging mechanism” that applies until 30 June – or until adequacy takes effect, whichever is sooner.

If and when adequacy is ratified, it will apply for a period of four years, after which time it will be reviewed and – if the UK’s privacy regime is deemed to remain adequate – renewed.

Julian David, chief executive of industry body techUK, said that decision to grant the UK with draft adequacy “is warmly welcomed” businesses.

“The tech sector… has been making clear the importance of a mutual data adequacy agreement since the day after the referendum,” he added. “Receiving data adequacy, alongside the EU-UK Trade and Cooperation Agreement, will set a solid foundation for digital trade with the EU, including strong non-discrimination clauses and positive data flows provisions, that will give businesses the confidence to invest.”

 

About the author

Sam Trendall is editor of PublicTechnology

Tags

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

Related Sponsored Articles

How Your Privacy Program is a Competitive Differentiator
29 January 2021

OneTrust presents the reasons why your organisation should invest in privacy management - and offers three easy tips for getting started 

Email security incidents happen every 12 hours – it’s time to close the gap in Microsoft 365
21 January 2021

The remote-first world has seen email being relied on more than ever as a core communication mechanism - but with 93% of IT leaders acknowledging a risk to sensitive data, what steps should be...