The Data Brief

A monthly data protection bulletin from the barristers at 5 Essex Chambers

Data Protection Act 2018 and UK GDPR are ‘adequate’, says EU

7 July 2021

On 28 June 2021, two days before interim arrangements expired, the European Commission decided that the UK’s data protection regime is ‘adequate’, which is not an example of damning with faint praise, but a formal determination that data transfers between the EU and UK can continue without the need for further safeguards – at least for now. In some senses, this is a major success for the UK: it was not inevitable, and a decision that the UK regime was ‘inadequate’ would have had major repercussions across the economy and Government, particularly given the doubts created about Standard Contractual Clauses following Schrems II.

But it’s probably a two cheers moment at best: not only can we expect the adequacy decision to be challenged in the CJEU (particularly given the UK’s somewhat more robust attitude to the monitoring of data flows by intelligence agencies than in many European states), but it was strictly time limited, with a review programmed after four years. That is likely to constrain the UK’s freedom to diverge dramatically from the current regime, notwithstanding that the recent report of the post-Brexit Taskforce on Innovation Growth and Regulatory Reform (or TIGRR) had that as one of its key recommendations. In an interesting article in The Times on 1 July, Linklaters’ partner Richard Cumbley argued that ‘a great deal could be achieved through small changes’ to the regime, including by tweaking guidance and simplifying the complex structure of the Act and UK GDPR. That is no doubt right, but it is difficult to see it satisfying those who want wholesale reform – which would, in turn, put the hard-won adequacy decision at risk. A case of TIGRR tweaking the tiger’s tail?

Further reading

Adequacy decision

TIGRR report

“GDPR is flawed but cannot be easily replaced”, Richard Cumbley in The Times, 1 July 2021: (paywall)

The Data Brief

A monthly data protection bulletin from the barristers at 5 Essex Chambers

The Data Brief is edited by Francesca Whitelaw KC, Aaron Moss and John Goss, barristers at 5 Essex Chambers, with contributions from the whole information law, data protection and AI Team.

Visit the Information Law, Data Protection and AI area

Search The Data Brief

Portfolio Builder

Select the practice areas that you would like to download or add to the portfolio

Download    Add to portfolio   
Title Type CV Email

Remove All


Click here to share this shortlist.
(It will expire after 30 days.)