Abstract
When the UK was preparing to leave the EU and become a third country for EU data protection purposes, it opted to maintain alignment with EU data protection laws, including the General Data Protection Regulation (GDPR), and considered a variety of mechanisms to effectuate seamless EU–UK personal data transfers before applying for a GDPR adequacy assessment by the European Commission (the Commission). Then, after the adoption of the adequacy decision by the Commission on 28 June 2021, the UK government announced an intention to consult on proposed changes to UK data protection law with a view to modernising the law to foster and encourage innovation removing barriers and reducing burdens on organisations, to allow the UK to ‘operate as the world’s data hub’ while maintaining high data protection standards so as not to jeopardise the EU–UK adequacy decision. Mindful of these developments, this chapter has two goals, the first of which is to explain why the UK was initially reluctant to apply for an adequacy decision, before outlining how the Commission assesses adequacy. The second is to outline proposed changes to UK data protection law and consider whether the UK is seeking merely to make appropriate use of the white space in the GDPR and the degree of divergence permitted from the EU standard with assessing adequacy or to substantially diverge from the GDPR.
The chapter demonstrates that the UK government has, over time, resiled from many of the more radical reform proposals it initially consulted on. It concludes that if implemented in their current form, many of the proposed changes are minor and only a few of the proposed changes would result in significant divergence from the GDPR and would cause the EU to question whether to attach conditions to the renewal of the adequacy decision or refuse to renew it in due course.
The chapter demonstrates that the UK government has, over time, resiled from many of the more radical reform proposals it initially consulted on. It concludes that if implemented in their current form, many of the proposed changes are minor and only a few of the proposed changes would result in significant divergence from the GDPR and would cause the EU to question whether to attach conditions to the renewal of the adequacy decision or refuse to renew it in due course.
Original language | English |
---|---|
Title of host publication | Data Protection and Digital Sovereignty Post-Brexit |
Editors | Edoardo Celeste, Róisín Á Costello, Edina Harbinja, Napoleon Xanthoulis |
Publisher | Bloomsbury |
Chapter | 2 |
Edition | 1 |
ISBN (Electronic) | 9781509966493, 9781509966509 |
ISBN (Print) | 9781509966486 |
Publication status | Published - 7 Sep 2023 |