EU-UK Adequacy Decision allowing data to flow freely between the two nations brings welcome good news to organisations15th July 2021
When the UK left Europe, it meant that as were are no longer part of the European Union; there was no agreement in place to allow for personal data to flow freely between the UK and the EU.
Instead, a lot of ‘red tape’ would have been involved: additional arrangements would have had to have been put in place for each individual organisation to prove that any personal data being received from the EU was being adequately protected.
The transition period following Brexit (in which data was allowed to continue to flow freely pending this decision) was due to end on 30 June 2021. With very little room to spare, the announcement on 28 June 2021 was very welcome.
“. . . the EU has formally recognised the UK’s high data protection standards . . . This will allow the continued seamless flow of personal data from the EU to the UK”. www.gov.uk
The free flow of personal data is welcome news for UK businesses and organisations across many sectors, and the announcement has been warmly welcomed across the board.
John Foster, CBI Director of Policy, said that “the free flow of data is the bedrock of the modern economy,” with Julian David, CEO of techUK, equally delighted with the vote of confidence in the UK data protection regime, saying that “securing an EU-UK adequacy decision has been a top priority for techUK and the wider tech industry since the day after the 2016 referendum.”
The Information Commissioner’s Office confirmed that the announcement means that the EU has ‘determined the UK’s data protection laws to be robust enough to ensure data can safely flow to the UK from the EU (and EEA).
A few things to note:
- The Adequacy Decision includes a ‘sunset’ clause which means that it will be reviewed in four years.
- It will also be under constant review, and if the EU considers the UK’s standards to drop, they could withdraw the agreement.
- Potential areas for concern are regarding issues of national security and intelligence and surveillance. Also, the UK’s Taskforce on Growth, Innovation, and Regulatory Reform has said that the UK could revise its privacy framework.
- It will also be necessary to watch whether the decision of the Schrems II case will have an impact. This led to the demise of the US Privacy Shield, which was the data-sharing agreement between the EU and USA, the USA being classed as a Third Party in terms of data transfers. Since Brexit, the UK is also a Third Party.
In summary, though, this is excellent news. It is an endorsement of our data protection policies. It is of enormous benefit to organisations wanting to transfer data freely back and forth between themselves and other organisations within the EU or broader EEA.
If you are wondering how or whether this decision affects you or what you need to do now, please get in touch. Take advantage of our complimentary thirty-minute Zoom consultation, and we can give you some peace of mind.