On 28 June 2021, the European Commission announced it has approved two adequacy decisions for the United Kingdom (UK). With these decisions, one under the General Data Protection Regulations (GDPR) and one under the European law enforcement directive, the Commission confirms the UK offers a level of data protection that is essentially equivalent to that in the European Union (EU). With this hurdle out of the way, personal data can continue to flow freely from the EU to the UK, without the need for additional safeguards or regulator approval. The free flow of data in the other direction, from the UK to the EU, had already been confirmed by the British government at the time the UK ceased being a member of the EU.
But will the UK adequacy decisions stand the test of time? Not only do they expire automatically after four years, but the opponents are also sharpening their knives for a challenge in court. And the UK Government seems eager to drop the memory of the GDPR, and to replace the UK GDPR with a more trade and business friendly data protection law. This week, Paul Breitbarth and K Royal discuss the details of the UK adequacy decisions and the future of data protection law in Britain with our own UK expert Ralph O’Brien. This episode can be heard on our website or streamed below.