Adequacy

Subscribe to Adequacy

On April 27, 2021, the Portuguese Data Protection Authority ordered the National Institute of Statistics to suspend, within 12 hours, any international transfers of personal data to the U.S. or other third countries that have not been recognized as providing an adequate level of data protection.
Continue Reading Portuguese DPA Orders Suspension of U.S. Data Transfers by Agency That Relied on SCCs

The European Data Protection Board has adopted its Opinion on the draft UK adequacy decision issued by the European Commission on February 19, 2021. The EDPB’s Opinion is non-binding but will be persuasive. The adequacy decision will be formally adopted if it is approved by the EU Member States acting through the European Council. If the adequacy decision is adopted, transfers of personal data from the EU to the UK may continue without the implementation of a data transfer mechanism under the EU General Data Protection Regulation, such as Standard Contractual Clauses.
Continue Reading EDPB Adopts Opinion on Draft UK Adequacy Decision

The Secretary of State for Digital, Culture, Media & Sport has signed a Memorandum of Understanding with the UK Information Commissioner’s Office in relation to new UK adequacy assessments following the UK’s departure from the European Union. The Memorandum of Understanding sets out how DCMS and third countries will negotiate adequacy decisions, referred to under the Memorandum of Understanding as “adequacy regulations”.
Continue Reading UK Government and ICO Agree on Procedure for Future Adequacy Decisions

On February 19, 2021, the European Commission published a draft data protection adequacy decision relating to the UK. If the draft decision is adopted, organizations in the EU will be able to continue to transfer personal data to organizations in the UK without restriction, and will not need to rely upon data transfer mechanisms, such as the EU Standard Contractual Clauses, to ensure an adequate level of protection.
Continue Reading European Commission Publishes Draft UK Data Transfer Adequacy Determination

On December 24, 2020, the European Union and the United Kingdom reached an agreement in principle on the historic EU-UK Trade and Cooperation Agreement. For data protection purposes, there is a further transition period of up to six months to enable the European Commission to complete its adequacy assessment of the UK’s data protection laws. For the time being, personal data can continue to be exported from the EU to the UK without implementing additional safeguards.
Continue Reading EU-UK Trade Deal: What It Means For Post-Brexit Data Flows

On November 10, 2020, Hunton Andrews Kurth will host a webinar examining the data protection considerations that arise on the UK’s departure from the EU. The UK’s Brexit transition period ends on December 31, 2020, and it is not clear whether the EU will formally recognize the UK’s data protection regime as ‘adequate.’ What does this mean for companies’ plans to update their data transfer mechanisms? Is adequacy the holy grail it is widely believed to be? What other issues must be considered? Is there still time?

Continue Reading Webinar on Brexit and Adequacy: Separating Fact from Fiction

The Centre for Information Policy Leadership at Hunton and the Data Security Council of India have published a report on “Enabling Accountable Data Transfers from India to the United States under India’s Proposed Personal Data Protection Bill,” which highlights the importance of continued flows of data between India and the U.S. following the expected passage of new comprehensive data protection legislation in India.
Continue Reading CIPL and DSCI Publish Report on Enabling U.S.-India Data Transfers