THE PRIVACYPERFECT BLOG

On 14 April 2021 the European Data Protection Board (EDPB) adopted two Opinions on the draft UK adequacy decisions.

It is not a done deal, but the report by the EU wide umbrella organisation for privacy protection seems to be one more significant hurdle cleared for EU-UK data flows.

There are two opinions since there are two draft adequacy decisions, one dealing with law enforcement and national security and the second dealing with more general data protection and data transfer matters.

The EU agreed to further postpone Brexit until 31 January 2020, the so-called “withdrawal date”. Before such date there will be parliamentary elections in the UK on 12 December 2019.

In terms of data protection, the UK will eventually become a third country in case of a Brexit, meaning that an organisation established in the EEA should implement an adequate data transfer mechanism to share personal data with other organisations in the UK, such as other group offices or service providers. The new postponement gives companies some extra time to look at the possible data transfer mechanisms for implementation after the withdrawal date. Even in case of yet another postponement thereof, sooner or later the UK will become a third country.

In this blog, Timelex will explain the data transfer possibilities in more detail.

New cookie guidance, joint controllership status due to social media plugins, and tech companies spying on you through their digital assistants - they might be listening when you ask Google or Siri for the route back home from France. The weeks from the 20th of July to the 10th of August were hectic. Instead of going through piles of news around data privacy from the summer months, get quickly caught up by looking at a summary of the most important happenings in this short blog post, the second of a three piece series, focusing on the last two summer months.