UK granted data adequacy by the European Commission

The decision granting the UK data adequacy is welcomed by techUK members for whom maintaining interrupted data flows is a key concern emerging from the UK’s departure from the EU.

On 19 February 2021, the European Commission launched the process towards adopting two adequacy decisions after having assessed the UK’s data protection regime as providing an equivalent level of protection to the EU General Data Protection Regulation (GDPR) and the Law Enforcement Directive. These decisions, if adopted by the European Council, will grant the UK ‘data adequacy’ permitting the continued free flow of personal data between the European Economic Area (EEA) and the UK.

Under the EU GDPR transfers of personal data to non-EU/EEA countries are not automatically allowed, requiring an additional legal basis. Data adequacy decisions provide such a legal basis and are granted to countries which demonstrate an equivalent level of data protection to the EU GDPR.

Personal data was still able to be exchanged freely between the UK and the EU during the transition period between 31 January 2020 and 31 December. The EU-UK Trade & Cooperation Agreement (TCA) signed on 24 December 2020 included a bridging mechanism up until June 2021 to extend this as there was insufficient time for the European Commission to complete its data adequacy assessment before the end of the transition period.

The decision will now be scrutinised by the European Data Protection Board which will give an opinion on the Commission's assessment. After the opinion is given, the decision will progress to comitology before a final decision is taken by the European Council.

If the adequacy decisions are adopted, companies based in the UK that want to continue transferring data from the EU to the UK will not need to put in place an additional legal basis, such as Standard Contractual Clauses (SCCs), to transfer personal data with the EEA. The adequacy decision will be reviewed after four years.

Since the day after the 2016 EU referendum, techUK members with bases in the UK and the EU have advocated for the continued free flow of data between the UK and the EU as one of their core priorities.

According to a report by the New Economics Foundation and the UCL European Institute, the additional compliance obligations resulting from not receiving data adequacy could have cost the UK economy up to £1.6 billion.

The decision by the European Commission that the UK is adequate is significant for both the UK and EU tech sectors which raised a combined $41bn in investment in 2020 and are at heart of  the post-COVID 19 economic recovery plans. Combined with the non-discrimination and data flows provisions within the UK-EU TCA, this decision will enable UK and EU technology companies to access the maximum benefits from the new UK-EU trading relationship.
 

Commenting on the data adequacy decisions, techUK CEO Julian David said:

The European Commission decision that the UK’s data protection regime offers an equivalent level of protection to the EU GDPR is a vote of confidence in the UK’s high data protection standards. Today's decisions are warmly welcomed by the tech sector which has been making clear the importance of a mutual data adequacy agreement since the day after the referendum. Receiving data adequacy, alongside the EU-UK Trade and Cooperation Agreement, will set a solid foundation for digital trade with the EU, including strong non-discrimination clauses and positive data flows provisions, that will give businesses the confidence to invest. As we go forward, the UK must also complete the development of its own international data transfer regime, allowing UK companies not just to exchange data with the EU, but also to be able to access global opportunities.

Julian David

techUK

 

Neil Ross

Neil Ross

Associate Director, Policy, techUK

As Associate Director for Policy Neil leads on techUK's public policy work in the UK. In this role he regularly engages with UK and Devolved Government Ministers, senior civil servants and members of the UK’s Parliaments aiming to make the UK the best place to start, scale and develop a tech business.

Neil joined techUK in 2019 to lead on techUK’s input into the UK-EU Brexit trade deal negotiations and economic policy. Alongside his role leading techUK's public policy work Neil also acts as a spokesperson for techUK often appearing in the media and providing evidence to a range of Parliamentary committees.

In 2023 Neil was listed by the Politico newspaper as one of the '20 people who matter in UK tech' and has regularly been cited as a key industry figure shaping UK tech policy. 

Email:
[email protected]
Twitter:
@neil13r
Website:
www.techuk.org/
LinkedIn:
https://www.linkedin.com/in/neilross13/

Read lessmore

Sue Daley

Sue Daley

Director, Technology and Innovation

Sue leads techUK's Technology and Innovation work.

This includes work programmes on cloud, data protection, data analytics, AI, digital ethics, Digital Identity and Internet of Things as well as emerging and transformative technologies and innovation policy. She has been recognised as one of the most influential people in UK tech by Computer Weekly's UKtech50 Longlist and in 2021 was inducted into the Computer Weekly Most Influential Women in UK Tech Hall of Fame. A key influencer in driving forward the data agenda in the UK Sue is co-chair of the UK government's National Data Strategy Forum. As well as being recognised in the UK's Big Data 100 and the Global Top 100 Data Visionaries for 2020 Sue has also been shortlisted for the Milton Keynes Women Leaders Awards and was a judge for the Loebner Prize in AI. In addition to being a regular industry speaker on issues including AI ethics, data protection and cyber security, Sue was recently a judge for the UK Tech 50 and is a regular judge of the annual UK Cloud Awards.

Prior to joining techUK in January 2015 Sue was responsible for Symantec's Government Relations in the UK and Ireland. She has spoken at events including the UK-China Internet Forum in Beijing, UN IGF and European RSA on issues ranging from data usage and privacy, cloud computing and online child safety. Before joining Symantec, Sue was senior policy advisor at the Confederation of British Industry (CBI). Sue has an BA degree on History and American Studies from Leeds University and a Masters Degree on International Relations and Diplomacy from the University of Birmingham. Sue is a keen sportswoman and in 2016 achieved a lifelong ambition to swim the English Channel.

Email:
[email protected]
Phone:
020 7331 2055
Twitter:
@ChannelSwimSue,@ChannelSwimSue

Read lessmore