European Commission decides UK Data Protection is adequate
1 July 2021
The European Commission has decided that UK Data Protection is adequate, for now.
The European Commission has come to a decision, if not a conclusion, regarding UK data protection adequacy. With the ‘bridging mechanism’ for EU/UK data transfers set to expire in a few days, the decision, although expected, was certainly cutting it close.
Although the UK had already decided that the EU and EEA offered adequate protection for the flow of data from the UK to the EU, the ‘bridging mechanism’ provided a temporary grace period for data flows to continue from the EU to the UK. This gave the EC time to assess UK adequacy under the GDPR and Law Enforcement Directive.
The decision gives a degree of certainty to organisations involved in cross border data transfers and reassures EU Citizens that their personal data will be protected if it is transferred to the UK. The Commission has concluded that, post Brexit, the UK continues to adhere to obligations set out under the GDPR and Law Enforcement Directive, respecting their overarching rights and underlying principles, and that these have been incorporated into UK law. Also acknowledged were the strong safeguards in place within the UK for public authority access to personal data, particularly with respect to national security implications.
Interestingly, the Commission has included a ‘Sunset Clause’ for the first time in an adequacy decision. What this means is that the decisions will automatically expire after four years in effect but can be automatically renewed provided that the UK continues to demonstrate an adequate commitment to the protection of personal data. The Commission also has the right to revisit their adequacy decision if they determine that the UK has deviated too far from the current adequate levels of protection.
Both the EU and UK have welcomed the decision, with businesses especially pleased as it means that they can continue to send to and receive data from the EU without having to make changes to current data protection practices.
Following the Brexit vote in June of 2016, the implications of data protection legislation have been hanging over much of the data related decision making for both UK and EU businesses and while this solves an important issue for now, there continues to be the possibility that the Commission will change its mind if the UK changes their current practice. Added to the ‘sunset clause’, this means that this decision may yet be overturned in 2025. The EU will be closely watching the UK’s performance on Data Protection, the relevant safeguards and equivalency for many years to come.
If you would like to learn more about how to ensure you are covered with respect to all obligations, principles and rights as laid out within both the GDPR and Law Enforcement Directive, as well as other information security obligations, then please reach out to Peter Friis or one of our other EU legislative experts. We would be happy to help you navigate the extensive legislative requirements and talk you through how to protect the private information that has been entrusted to you.Back to all news
- Lone Prehn wins Client Choice Awards 2022 for Trademarks in Denmark15 November 2022
- Zacco supports and partners with Star for Life Ukraine28 October 2022
- Meet Amin and Navid, our newly authorised EPA’s at the Gothenburg office6 October 2022
- Five colleagues announced as MIP Rising Stars 2022!4 October 2022
- Zacco takes home Trademark Prosecution Firm of the Year for Sweden16 September 2022
- Vacation is a time to relax, but don’t let your digital guard down13 July 2022
- UK Government publishes its response to a public consultation on AI and IP5 July 2022
- Zacco ranked as a Top Tier Patent Prosecution firm 20221 July 2022
- 23 practitioners at Zacco ranked in the IAM Patent 1000 for 2022!29 June 2022
- Karin Kärvling Søholt – Director of Strategic Alliances17 June 2022