The UK’s quest for unhindered information flows to and from the EU took a further essential stage forward yesterday following the European Knowledge Security Board (EDPB) accepted the Commission’s draft adequacy conclusions.
Adequacy choices are the system by which the European Union decides no matter whether countries outside the house the bloc supply an suitable level of safety for the knowledge of EU citizens. They are critical to granting seamless details flows involving the EU and so-termed “third countries” like the UK put up-Brexit.
Immediately after the European Commission issued two draft adequacy conclusions in February 2021 approving the UK’s details protection regime, the EDPB has now recommended their acceptance. The board is an independent European body established up to guarantee dependable application of the GDPR.
“The EDPB claims that there are key places of ‘strong alignment’ concerning the EU and the UK info defense frameworks such as on: grounds for lawful and truthful processing for reputable reasons reason limitation data excellent and proportionality data retention, security and confidentiality transparency distinctive types of info and on automatic choice creating and profiling,” defined compliance gurus Cordery.
“But it is not an unqualified blessing. The EDPB highlights a amount of spots requiring even further evaluation and monitoring like: the UK exception for immigration facts onward transfers and the purpose and powers of the security services.”
The latter could be a particular sticking place, supplied the outsized powers for mass surveillance the UK’s Investigatory Powers Act grants to its intelligence companies. It was a comparable issue which led to the collapse of the Harmless Harbor and Privacy Defend facts sharing agreements amongst the EU and US.
In a related method, privacy teams may perhaps well challenge any formal EU decision in the courts, as transpired with the now popular Schrems circumstances.
Which is why Cordery is advising its customers to be certain they make substitute arrangements in scenario the adequacy choices are not confirmed, or as coverage versus any profitable future obstacle.
This consists of items like updating privacy policies, mapping facts flows in and out of the UK, putting agreements in area to defend facts transfers, undertaking because of diligence on suppliers, and even info localization in the very long-term.
The UK’s non permanent info deal with the EU will expire at the end of this thirty day period unless of course renewed. It desperately demands an adequacy decision presented the size of its electronic economic climate. The UK’s e-commerce industry is the biggest in the region, for illustration.
Some elements of this article are sourced from: