EU gives provisional thumbs-up to UK privacy regime
Country receives draft adequacy decision
Credit: Adobe Stock
The EU has given the provisional green light to the UK’s privacy regime, meaning business, government and law-enforcement data should soon be allowed to travel unfettered across the English Channel and beyond.
Now the UK has left the bloc, it requires the granting of ‘adequacy’ status to ensure that, in the long term, data can continue to be transferred between organisations in the EU and those in this country.
This requires the European Commission to rule that a country’s data-protection and privacy regulations are compatible with EU law and procedures. Nations that have previously been granted adequacy status include Argentina, Uruguay, Canada, Switzerland, Israel, Japan, and New Zealand.
The EC has now granted two ‘draft’ adequacy statuses to the UK: one for the General Data Protection Regulation; and the other for EU’s Law Enforcement Directive.
The decisions of the commission will now be put to the European Data Protection board which will, in turn, make a non-binding recommendation. This will then be put forward for formal approval by the remaining 27 member states.
Didier Reynders, commissioner for justice, said: “A flow of secure data between the EU and the UK is crucial to maintain close trade ties and cooperate effectively in the fight against crime. Today we launch the process to achieve that. We have thoroughly checked the privacy system that applies in the UK after it has left the EU. Now European data protection authorities will thoroughly examine the draft texts. EU citizens' fundamental right to data protection must never be compromised when personal data travel across the Channel. The adequacy decisions, once adopted, would ensure just that.”
The government said that it provided the EC with the relevant material for assessment “in a timely manner” in March 2020 and that the lack of an adequacy decision in time for the UK’s ultimate departure from the EU is because “the commission did not finalise draft decisions in time”.
“The UK government now urges the EU to swiftly complete this technical process for adopting and formalising these adequacy decisions as early as possible,” it added.
In the meantime, data flows between the UK and the EU are covered by a “bridging mechanism” that applies until 30 June – or until adequacy takes effect, whichever is sooner.
If and when adequacy is ratified, it will apply for a period of four years, after which time it will be reviewed and – if the UK’s privacy regime is deemed to remain adequate – renewed.
Julian David, chief executive of industry body techUK, said that decision to grant the UK with draft adequacy “is warmly welcomed” businesses.
“The tech sector… has been making clear the importance of a mutual data adequacy agreement since the day after the referendum,” he added. “Receiving data adequacy, alongside the EU-UK Trade and Cooperation Agreement, will set a solid foundation for digital trade with the EU, including strong non-discrimination clauses and positive data flows provisions, that will give businesses the confidence to invest.”
PublicTechnology editor Sam Trendall picks out the big issues that might shape the year ahead. Apart from that one.
Minister says mandating isolation is ‘right course of action’
ICO offers resources to assess legality and work with data subjects
Denise Dourado formally appointed as SRO
OneTrust presents the reasons why your organisation should invest in privacy management - and offers three easy tips for getting started
The remote-first world has seen email being relied on more than ever as a core communication mechanism - but with 93% of IT leaders acknowledging a risk to sensitive data, what steps should be...
One Trust breaks down the modular approach of the new SCCs