Comment: Can the UK still get EU adequacy?

As the Brexit negotiations are in jeopardy due to the government’s new Internal Market Bill, progress made on data protection and UK adequacy may also be hampered. If we end up with a no-deal, Standard Contractual Clauses (SCCs) will play a more significant role in international data transfers. But there are now new challenges caused by the Schrems II decision, also in relation to cloud computing (p.11).

The European Commission is currently working on a revised set of SCCs to take the judgment of the Court of Justice of the European Union into account. The European Commission says that this is a top priority for the coming months, with a view to finalising the clauses by the end of this year. Also, discussions have started with the United States to find a way forward. In the UK, the government’s National Data Strategy seeks innovative mechanisms for international data transfers (p.9).
There is more certainty over the role of Binding Corporate Rules and changes to the ICO’s remit after Brexit. Read our correspondent’s analysis and practical advice on p.1.

The Appropriate Design Code is now in effect, and organisations have until 2 September 2021 to ensure compliance. The Code requires high privacy settings as a default. The ICO is issuing guidance and will host webinars on this topic (p.10). It is also keen to have submissions for its Sandbox programme on projects that deal with children’s data.

For those who have responsibility for delivering data protection training, this issue brings a wealth of ideas on how to engage staff through data protection themed games (p.1). The aim is to make learning fun and encourage discussion on privacy issues.

The pandemic has changed the working life for many of us. DPOs are now often taking video calls and attending or organising online conferences and meetings. Which data protection rules do we have to keep in mind in this environment (p.17)? And which details are actually included in the broadly defined concept of health data (p.14)?
The Information Commissioner responds to MPs’ unease about privacy and Covid-19 (p.18) whilst seeing a massive impact on resources due to Covid-related work.

Last but not least, is cookie audit automation your get out of jail card? Find out on p.19 how technology can help the busy DPO.

Laura Linkomies
Editor, Privacy Laws & Business

September 2020