In an article originally published on Practical Law, Hunton Andrews Kurth partner Bridget Treacy discusses the European Commission’s long-awaited SCCs, including considerations for personal data transfers from the UK. This blog entry provides a link to download the article.
Continue Reading European Commission’s New Standard Contractual Clauses: What They Mean for UK Businesses

On June 28, 2021, the European Commission adopted two adequacy decisions for the United Kingdom, one under the GDPR and another under the Law Enforcement Directive. Their adoption means organizations in the EU can continue to transfer personal data to organizations in the UK without restriction, and will not need to rely upon data transfer mechanisms, such as the SCCs, to ensure an adequate level of protection.
Continue Reading European Commission Adopts UK Adequacy Decision

On June 16, 2021, the UK Government’s Taskforce on Innovation, Growth and Regulatory Reform published an independent report containing recommendations to the Prime Minister on how the UK can reshape its approach to regulation in the wake of Brexit (the “Report”). Among wide-ranging proposals across a range of areas, the Report recommends replacing the UK General Data Protection Regulation (“UK GDPR”) with a new UK Framework of Citizen Data Rights. The proposed approach would aim to give individuals greater control over their personal data while also allowing increased data flows and driving growth in the digital economy. The Report will be considered by the Government’s Better Regulation Committee.

Continue Reading Government Taskforce Recommends UK GDPR Reform

On May 25, 2021, the Grand Chamber of the European Court of Human Rights handed down its judgement in the case of Big Brother Watch and Others v. the United Kingdom, determining that the former surveillance regime in the UK violated Article 8 of the European Convention on Human Rights (i.e., the right to respect for private and family life).
Continue Reading European Court of Human Rights Says Bulk Interception Is Not a Violation of Human Rights

On June 4, 2021, the European Commission published the final version of the implementing decision on standard contractual clauses for transfers of personal data to third countries under the EU General Data Protection Regulation, as well as the final version of the new standard contractual clauses.
Continue Reading European Commission Publishes Final Version of Updated Standard Contractual Clauses

On May 26, 2021, the Court of Appeal handed down its judgment in the case of R (Open Rights Group and the3million) v Secretary of State for the Home Department and Others [2021] EWCA Civ 800, finding that the UK 2018 Data Protection Act’s “immigration exemption” is unlawful.
Continue Reading UK Court of Appeal Signals It Will Closely Scrutinize UK DPA Exemptions

On May 11, 2021, the European Parliament issued a press release requesting that the European Commission amend its draft decisions on UK adequacy to more closely align with EU court rulings and the opinion of the European Data Protection Board. The request came after the Parliament’s Civil Liberties Committee passed a resolution evaluating the Commission’s approach regarding the adequacy of the UK’s data protection regime.
Continue Reading MEPs Urge European Commission to Amend Draft UK Adequacy Decision

The European Data Protection Board has adopted its Opinion on the draft UK adequacy decision issued by the European Commission on February 19, 2021. The EDPB’s Opinion is non-binding but will be persuasive. The adequacy decision will be formally adopted if it is approved by the EU Member States acting through the European Council. If the adequacy decision is adopted, transfers of personal data from the EU to the UK may continue without the implementation of a data transfer mechanism under the EU General Data Protection Regulation, such as Standard Contractual Clauses.
Continue Reading EDPB Adopts Opinion on Draft UK Adequacy Decision

On April 9, 2021, the First-Tier Tribunal of the General Regulatory Chamber stayed proceedings in Ticketmaster UK Limited’s (“Ticketmaster’s”) appeal against a fine issued by the UK Information Commissioner’s Office (“ICO”) until 28 days after a judgment in civil litigation brought by 795 customers against Ticketmaster. The group action, which relates to the breach for which Ticketmaster was fined by the ICO, is currently before the High Court in England. As a result of the stay in proceedings, the appeal likely will not be heard before the Tribunal until mid to late 2023.

Continue Reading Ticketmaster Appeal of ICO Fine Stayed by UK Tribunal Until 2023