IDC Names Securiti a Worldwide Leader in Data Privacy
ViewOn 19 February 2021, the European Commission published its draft UK adequacy decision that allowed for continued free flow of personal data from the EU into the UK. On 13 April 2021, the EDPB delivered Opinion 14/2021 for transfers of personal data under the GDPR and Opinion 15/2021 for transfers of personal data under the Law Enforcement Directive.
The EDPB notes that there are many areas of convergence between UK and EU data protection frameworks such as the following:
Despite the areas of convergence, there are certain aspects in the UK data protection framework that need to be closely monitored by the European Commission to ensure that the essentially equivalent level of protection is met.
Some of the aspects highlighted by the EDPB are as follows:
The immigration exemption in the UK data protection framework restricts data subjects’ rights to information, access, rectification, erasure, restriction of processing, and object to the extent that giving effect to these rights is likely to prejudice the maintenance of effective immigration control. It applies to controllers who process personal data for immigration control purposes or transfer data to controllers who are responsible for such processing. The EDPB notes that the exemption is broadly formulated and there is a lack of a legally binding instrument that clarifies its scope.
There are certain aspects of the UK legislative framework concerning onward transfers that might undermine the level of protection of personal data transferred from the European Economic Area (EEA). In this regard, the EDPB recognizes the following challenges:
In relation to the access of personal data by public authorities in the UK, the EDPB recommends the European Commission to assess the following aspects of the UK legal framework:
The Investigatory Powers Act 2016 sets out the extent to which certain investigatory powers may be used to interfere with privacy. The EDPB notes the following points of attention in relation to the scope of the application of the IPA 2016:
The EDPB notes that there is a need for the assessment of bulk interceptions, in particular, the selection and application of selectors in the context of bulk interception procedures and whether or not safeguards are in place to protect the fundamental rights of individuals whose data are intercepted in this context.
The application of national security exemption provided under the UK law may compromise the principles of purpose limitation, necessity and proportionality, and data subjects’ rights in the third country of destination. Therefore, the EDPB recommends the European Commission to examine the overall safeguards provided under the UK legal framework when it comes to overseas disclosures, in light of the application of national security exemption.
The European Commission will now seek approval on the UK adequacy decision from the representatives of each member state. Following that, it will adopt a final decision regarding the UK adequacy. The UK is likely to be approved as an adequate country. However, the fact that the EDPB highlighted many areas of concern in the UK legal framework reflects an extremely cautious and objective approach towards cross-border data transfers. This approach indicates that the UK adequacy decision will be subject to regular reviews and monitoring by the European Commission.
Get all the latest information, law updates and more delivered to your inbox
September 11, 2023
Securiti has just been recognized as a Leader in the “IDC MarketScape: Worldwide Data Privacy Compliance Software 2023 Vendor Assessment” report. This makes us...
May 10, 2023
Privacy-by-design and privacy-by-default are two cornerstone concepts of data protection regulatory frameworks. Thus, compliance thereof is an essential legal prerequisite for any entity which...
April 5, 2023
Online advertising has permeated every aspect of our digital experiences. From search engine results to social media feeds, advertisements seem to follow us everywhere...
At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.
Copyright © 2023 Securiti · Sitemap · XML Sitemap
[email protected]
300 Santana Row Suite 450. San Jose,
CA 95128