April 20, 2021

Volume XI, Number 110

Advertisement

April 19, 2021

Subscribe to Latest Legal News and Analysis

European Commission Publishes Draft UK Data Transfer Adequacy Determination

On February 19, 2021, the European Commission published a draft data protection adequacy decision relating to the UK. If the draft decision is adopted, organizations in the EU will be able to continue to transfer personal data to organizations in the UK without restriction, and will not need to rely upon data transfer mechanisms, such as the EU Standard Contractual Clauses, to ensure an adequate level of protection.

In reaching the decision, the European Commission spent approximately one year analyzing the data protection legal framework in the UK and concluded that the UK’s legal and regulatory data protection regime meets EU data protection adequacy requirements.

In a first for EU adequacy decisions, the draft UK decision includes a provision requiring an automatic review of the adequacy of the UK legal regime within four years. If, after that time, the adequacy of the UK has not been re-affirmed by the European Commission, the adequacy decision will lapse and the UK will no longer be considered adequate.

The EU and UK previously agreed, pursuant to the EU-UK Trade and Cooperation Agreement, on a transition period from January 1, 2021 for a period of up to six months, during which the UK will be treated as an adequate jurisdiction. If the draft decision is adopted, this temporary recognition will cease and instead the adequacy decision will apply.

Before the decision is formally adopted, the European Data Protection Board will issue a non-binding (although likely persuasive) opinion in relation to the decision. The European Parliament’s Committee on Civil Liberties also will issue a non-binding opinion in relation to the decision. The decision will be formally adopted after it has been approved by the EU Member States acting through the European Council.

The UK government issued a statement welcoming the decision.

Advertisement
Copyright © 2021, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume XI, Number 50
Advertisement
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct
Advertisement
Advertisement