The Secretary of State for Digital, Culture, Media & Sport has signed a Memorandum of Understanding with the UK Information Commissioner’s Office in relation to new UK adequacy assessments following the UK’s departure from the European Union. The Memorandum of Understanding sets out how DCMS and third countries will negotiate adequacy decisions, referred to under the Memorandum of Understanding as “adequacy regulations”.
Continue Reading UK Government and ICO Agree on Procedure for Future Adequacy Decisions

On February 19, 2021, the European Commission published a draft data protection adequacy decision relating to the UK. If the draft decision is adopted, organizations in the EU will be able to continue to transfer personal data to organizations in the UK without restriction, and will not need to rely upon data transfer mechanisms, such as the EU Standard Contractual Clauses, to ensure an adequate level of protection.
Continue Reading European Commission Publishes Draft UK Data Transfer Adequacy Determination

On January 19, 2021, the UK Information Commissioner’s Office published its analysis of the application of the UK General Data Protection Regulation to transfers from UK-based firms or branches that are registered, required to be registered or otherwise regulated by the U.S. Securities and Exchange Commission.
Continue Reading ICO Confirms UK Firms May Rely on Public Interest Derogation for SEC Transfers

The recent UK case of Soriano v Forensic News and Others tested the territorial reach of the General Data Protection Regulation and represents the first UK judgment dealing with the territorial scope of the GDPR. This was a “service out” case, where the claimant, Walter T. Soriano, sought the Court’s permission under the UK Civil Procedure Rules to serve proceedings on the defendants, who were all domiciled in the U.S.
Continue Reading UK Case Tests the Territorial Application of the GDPR to U.S. Run Website

Lexology’s Getting the Deal Through releases its 2021 guide on Data Protection and Privacy. Hunton’s privacy and cybersecurity team members serve as contributing editors of the guide and have authored multiple chapters, including on Belgium, the UK and United States. This blog entry provides a link to download the guide.
Continue Reading Hunton Privacy Team Contributes to 2021 Getting the Deal Through Guide on Data Protection and Privacy

On December 24, 2020, the European Union and the United Kingdom reached an agreement in principle on the historic EU-UK Trade and Cooperation Agreement. For data protection purposes, there is a further transition period of up to six months to enable the European Commission to complete its adequacy assessment of the UK’s data protection laws. For the time being, personal data can continue to be exported from the EU to the UK without implementing additional safeguards.
Continue Reading EU-UK Trade Deal: What It Means For Post-Brexit Data Flows

Sweet & Maxwell published the fifth edition of Data Protection Law and Practice written by Hunton’s Rosemary Jay. The latest edition provides a comprehensive and thorough review of the current state of data protection law in the UK, along with the background to the law.
Continue Reading Sweet & Maxwell Publishes the Fifth Edition of Data Protection Law and Practice Written by Rosemary Jay

On December 2, 2020, the Centre for Information Policy Leadership at Hunton Andrews Kurth submitted its response to the UK Department for Digital, Culture, Media and Sport’s UK National Data Strategy consultation. In its response, CIPL highlights several considerations for DCMS when further developing and implementing its NDS.
Continue Reading CIPL Submits Response to UK DCMS’ National Data Strategy Consultation