Securiti announces a $75M Series C Funding Round
ViewOn 19 February 2021, the European Commission published its draft UK adequacy decision that allowed for continued free flow of personal data from the EU into the UK. On 13 April 2021, the EDPB delivered Opinion 14/2021 for transfers of personal data under the GDPR and Opinion 15/2021 for transfers of personal data under the Law Enforcement Directive.
The EDPB notes that there are many areas of convergence between UK and EU data protection frameworks such as the following:
Despite the areas of convergence, there are certain aspects in the UK data protection framework that need to be closely monitored by the European Commission to ensure that the essentially equivalent level of protection is met.
Some of the aspects highlighted by the EDPB are as follows:
The immigration exemption in the UK data protection framework restricts data subjects’ rights to information, access, rectification, erasure, restriction of processing, and object to the extent that giving effect to these rights is likely to prejudice the maintenance of effective immigration control. It applies to controllers who process personal data for immigration control purposes or transfer data to controllers who are responsible for such processing. The EDPB notes that the exemption is broadly formulated and there is a lack of a legally binding instrument that clarifies its scope.
There are certain aspects of the UK legislative framework concerning onward transfers that might undermine the level of protection of personal data transferred from the European Economic Area (EEA). In this regard, the EDPB recognizes the following challenges:
In relation to the access of personal data by public authorities in the UK, the EDPB recommends the European Commission to assess the following aspects of the UK legal framework:
The Investigatory Powers Act 2016 sets out the extent to which certain investigatory powers may be used to interfere with privacy. The EDPB notes the following points of attention in relation to the scope of the application of the IPA 2016:
The EDPB notes that there is a need for the assessment of bulk interceptions, in particular, the selection and application of selectors in the context of bulk interception procedures and whether or not safeguards are in place to protect the fundamental rights of individuals whose data are intercepted in this context.
The application of national security exemption provided under the UK law may compromise the principles of purpose limitation, necessity and proportionality, and data subjects’ rights in the third country of destination. Therefore, the EDPB recommends the European Commission to examine the overall safeguards provided under the UK legal framework when it comes to overseas disclosures, in light of the application of national security exemption.
The European Commission will now seek approval on the UK adequacy decision from the representatives of each member state. Following that, it will adopt a final decision regarding the UK adequacy. The UK is likely to be approved as an adequate country. However, the fact that the EDPB highlighted many areas of concern in the UK legal framework reflects an extremely cautious and objective approach towards cross-border data transfers. This approach indicates that the UK adequacy decision will be subject to regular reviews and monitoring by the European Commission.
Get all the latest information, law updates and more delivered to your inbox
March 24, 2023
Data plays a crucial role in the financial services industry, whether it's consumer-facing or commercial. It enables organizations to drive business insight and profitability...
March 16, 2023
On March 2, 2023, the Biden-Harris administration announced its National Cybersecurity Strategy1 to secure the full benefits of a safe and secure digital ecosystem...
March 15, 2023
With the proliferation of data protection regulations globally over the last decade, organizations have been under unprecedented scrutiny regarding their resolve to ensure their...
At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.
Copyright © 2023 Securiti · Sitemap · XML Sitemap
[email protected]
3031 Tisch Way Suite 110 Plaza West, San Jose,
CA 95128