UK adequacy is very close

Since 19 February when the EU Commission issued its draft UK adequacy decisions, there has been almost a sigh of relief as there appears to be a light at the end of the tunnel. The EU does not require replication of the EU law, and UK rules may differ from EU ones, as long as they prove, in practice, effective for ensuring an adequate level of protection. This should be the case now, but what about in the future? The EU has been cautious and limits the validity of the decision to four years, while keeping a close eye on UK developments in the meantime. However, the European Parliament now aims to challenge the Commission's positive draft decisions.

A big part of that is effective enforcement, and no major deviations from the GDPR. But the government is ambitious in its plans on adequacy assessments on third countries, and its plans for the National Data Strategy which aims to make the most of data sharing opportunities and innovative data uses.

To me, this suggests that the UK wants to create an economic advantage from Brexit and not being tied to EU data legislation. But just how far it can go before jeopardising its future EU adequacy remains to be seen.

The Channel Islands and the Isle of Man are Crown Dependencies but in terms of data protection, independent with their own laws. Our 13th May webinar discussed this interesting relationship and what it means for data transfers. Jay Fedorak, Jersey’s Information Commissioner reflects on Jersey’s data protection developments since the GDPR entered into force, and his end of term.

As we wait for adequacy, some are preparing or are already using Standard Contractual Clauses for data transfers. Read about how to use the EU’s modernised clauses, especially in the UK context. While this contingency planning has been recommended by the ICO some time ago, the tune has somewhat changed now – the ICO is now optimistic that the UK will receive an adequacy decision by the end of June when the bridging period comes to an end, and is also preparing the UK’s own SCCs.

Laura Linkomies
Editor, Privacy Laws & Business

May 2021