These adequacy decisions do not concern the exchange of data in the area of law enforcement services under the Police Directive (Article 36 of the Directive (EU) 2016/680). You may have heard of “relevance” and speculation as to whether the UK would benefit from a “adequacy status.” Let us explain. In this blog we will detail the situation of the United Kingdom and, in particular, how it can become an appropriate country. If no adequacy decision is made, the other options are the most important, but I think it is equally important for companies to understand that the UK could change slightly. We could find ourselves in a situation where Europe is naturally limited to the transfer of data to third countries, and the UNITED Kingdom will technically be a third country if we do not get this adequacy agreement. In theory, there is no reason not to immediately grant the UK an agreement on data adequacy, given that it is the only country to think that it is equivalent to the EU after implementing its rules under the Data Protection Act (2018), among others. The lack of agreement so far therefore indicates that the data have become another political negotiating partner in the search for a trade agreement. All the “ons” and “offs” of the binary world seem increasingly dependent on the “on/off” relations of the United Kingdom with Brussels. The United Kingdom is currently negotiating an adequacy decision so that the data can continue to flow freely. The Guardian recently reported that an agreement was close to the hour, but since then there has been a withdrawal from that position.
But this could only be the sound and anger of the final phases of the deal making process. In general, the Commission is examining whether a country outside the EU offers an adequate level of data protection. National (general and sectoral) law, international obligations, existing and functional obligations The supervisory authority (The Office of the Information Commissioner, ICO) will be reviewed. The UK Government believes that a “adequacy decision” should be easy to obtain, given that the RGPD is introduced into UK local law and the UK, as a former EU member state, has a long tradition of protecting personal data. According to the government, the UK data protection framework will be fully aligned with the RGPD when it leaves the EU. However, some challenges have arisen: EU and UK representatives have been negotiating a possible deal since March. Brussels, however, remains concerned about how British security authorities access AND share EU data with other countries, including the United States. In July, the Luxembourg-based EU court overturned a us-led adequacy decision – the “data protection shield” because it said US surveillance legislation was too intrusive for Eu standards. On 10 November 2020, the European Data Protection Committee published new guidelines on standard contractual clauses, which set out additional measures to address the deficiencies, along with the clauses mentioned in SCHREMS II.