UK adequacy is essential – so let’s keep it

Looking from the outside, it would seem foolish for the government to make changes to the UK GDPR. It is not just that large companies want a level playing field across Europe regarding data protection, but the obstacles they would have to face if adequacy was withdrawn would be insurmountable.

The DCMS is about to announce which countries it will assess first for UK adequacy, and its adequacy criteria. Joe Jones, Head of Data Adequacy at the DCMS told the PL&B conference audience that adopting adequacy decisions for third countries does not mean that the UK would suddenly become inadequate. However, a taskforce of Conservative MPs (not members of the government) has recently put forward some radical ideas that would dilute the GDPR – so this is certainly an area to watch, given that the European Commission’s monitoring powers have been baked into the UK adequacy decision with a review at any time and for certain within four years.

Everyday data protection compliance challenges often deal with marketing issues. Our correspondents highlight the difference between marketing and service emails, and how to ensure compliance with PECR. The ICO’s investigation into Amex was triggered by just a few complaints, but resulted in the company facing the reputational consequences. Amex’s arguments, including that customers would be disadvantaged if they weren’t aware of the company’s campaigns, and that the emails were a requirement of its Credit Agreements with customers, did not wash with the ICO.

The ICO is calling for input at an early stage of developing its guidance on anonymisation, pseudonymisation and privacy enhancing technologies. When personal data can be considered anonymised is a question that many organisations grapple with – read our correspondent’s thoughts around this area.

Also in this issue – the value and use of data and what this means for the regulation of digital and data services, Guernsey’s social initiative on ethical data use, the pitfalls of using personal emails at work and data protection safeguards regarding the NHS Digital’s national database.

Laura Linkomies
Editor, Privacy Laws & Business

July 2021