The Computer & Communications Industry Association (CCIA) has welcomed moves by the European Commission (EC) to grant data adequacy to the UK. Alexandre Roure, CCIA Public Policy Senior Manager, said the decision was good for EU and UK consumers and businesses, adding that it would ensure continued data flows for thousands of companies.
The EC has launched the process for adopting two adequacy decisions for transfer of personal data to the UK - one for the Law Enforcement Directive and the other under the General Data Protection Regulation (GDPR). With these draft decisions, the EC has concluded that the UK provides a level of protection for EU personal data that is equivalent to EU laws. Once formally approved, this will allow UK and EU businesses to continue transferring personal data securely.
Vera Jourova, EC Vice President for Values and Transparency, said the decisions include 'clear and strict mechanisms' for review/monitoring and suspension/withdrawal of approval to address any changes to the UK system after adequacy is granted. Both decisions will be subject to review at least every four years.
In response to the publication of the EC's draft data adequacy decision, the UK's Information Commissioner's Office (ICO) said it was an important step for continued, frictionless data transfers from the EU to the UK. The UK government also welcomed the decisions and called on the EC to complete the technical approval process quickly to provide final data adequacy decisions as soon as possible. The 'bridging mechanism' will stay in place until 30 June 2021 or until the final adequacy decisions comes into effect, whichever is sooner.
