Select an area of expertise to find out more about our experience.
Find out more about our barristers and business support teams here.
On 28 June 2021, two days before interim arrangements expired, the European Commission decided that the UK’s data protection regime is ‘adequate’, which is not an example of damning with faint praise, but a formal determination that data transfers between the EU and UK can continue without the need for further safeguards – at least for now. In some senses, this is a major success for the UK: it was not inevitable, and a decision that the UK regime was ‘inadequate’ would have had major repercussions across the economy and Government, particularly given the doubts created about Standard Contractual Clauses following Schrems II.
But it’s probably a two cheers moment at best: not only can we expect the adequacy decision to be challenged in the CJEU (particularly given the UK’s somewhat more robust attitude to the monitoring of data flows by intelligence agencies than in many European states), but it was strictly time limited, with a review programmed after four years. That is likely to constrain the UK’s freedom to diverge dramatically from the current regime, notwithstanding that the recent report of the post-Brexit Taskforce on Innovation Growth and Regulatory Reform (or TIGRR) had that as one of its key recommendations. In an interesting article in The Times on 1 July, Linklaters’ partner Richard Cumbley argued that ‘a great deal could be achieved through small changes’ to the regime, including by tweaking guidance and simplifying the complex structure of the Act and UK GDPR. That is no doubt right, but it is difficult to see it satisfying those who want wholesale reform – which would, in turn, put the hard-won adequacy decision at risk. A case of TIGRR tweaking the tiger’s tail?
“GDPR is flawed but cannot be easily replaced”, Richard Cumbley in The Times, 1 July 2021: (paywall)
A monthly data protection bulletin from the barristers at 5 Essex Chambers
The Data Brief is edited by Francesca Whitelaw KC, Aaron Moss and John Goss, barristers at 5 Essex Chambers, with contributions from the whole information law, data protection and AI Team.