UK Government sets out its approach to UK data adequacy decisions
As the UK looks to secure adequacy arrangements with new partners around the world, the Department for Digital, Media, Culture and Sport (DCMS) and the Information Commissioner’s Office (ICO) have published a Memorandum of Understanding on the role that they both hold in the UK’s new adequacy process.
As the UK awaits the final decision from Brussels on its data adequacy decision – enabling the continued free flow of personal data between the European Economic Area and the UK – the UK government is already making its own preparations to strike new adequacy arrangements with other countries around the globe.
The Memorandum of Understanding, which was signed between the Secretary of State for the Department for Digital, Culture, Media and Sport and the Information Commissioner and published on 19 March, provides details on the UK’s approach to new adequacy arrangements.
The objectives of the Memorandum of Understanding (MoU) include setting out how DCMS and the ICO will share expertise and maintain a working-level of cooperation and consultation and the respective roles and responsibilities of DCMS and the ICO in the context of future decision-making by the Secretary of State in relation to UK Adequacy Regulations.
This transparency is welcome and something techUK has called for.
The MoU outlines the UK Adequacy Assessment Work, which will unfold in four broad phases:
- Gatekeeping – the decision as to whether to commence an assessment in respect of the specific country, territory, business sector or competent international organisation.
- Assessment – collecting and analysing information relating to the level of data protection within the specific country, territory, sector or international organisation.
- Recommendation – DCMS UK Adequacy Assessment team making a recommendation to the Secretary of State who will then decide whether to make a finding of adequacy and make UK Adequacy Regulations in respect of another country, territory, sector or international organisation being assessed.
- Procedural – formalising the relevant UK Adequacy Regulations, laying these in Parliament, and any subsequent publication of the ICO’s opinion.
Despite a close working-level engagement between DCMS and the ICO throughout all the four stages of this process, the UK Government will undertake UK Adequacy Assessment Work and the DCMS Secretary of State alone retains the decision-making power as to the adequacy of another country. The Secretary of State will consult the ICO before making UK Adequacy Regulations and will take into account, but is not bound by, the ICO’s views.
This Memorandum of Understanding will be reviewed between 1 July 2021 and 31 December 2021 and annually thereafter, unless a review is mutually agreed to be required sooner.
Complimenting this development is Minister for Media and Data, Rt. Hon John Whittingdale OBE MP’s blog published by Privacy Laws & Business where he confirms the UK’s intention to expand the list of adequate destinations “in line with the UK’s commitment to high standards of data protection” and remove unnecessary barriers to transfers of data to the UK, from international partners beyond the EU.
The Minister also stated that the UK government will be developing a toolkit based around the data rights and approaches in UK law, which will be focused on removing the unnecessary bureaucracy in the system and on getting the right outcomes for data protection.
techUK has recently published a discussion paper on the future of data governance which provides an number of suggestions to create a success international transfers regime for the UK and we look forward to working with DCMS ahead of the release of the National Data Strategy.
Latest News from
Join us for techUK’s Local Digital Capital Week 202230/09/2022 16:25:00
From 24 October to 28 October, we are highlighting the contributions made by the UK tech sector to improve the local and regional tech scene, playing a vital role in the levelling up agenda through innovation and engagement.
UK Government to review EU Retained law by 2023 through new Parliamentary Bill30/09/2022 14:38:00
The UK Government has announced the introduction of the Retained EU Law (Revocation and Reform) Bill to review EU legislation that still exists in the UK legal system.
EU Liability Directive on AI30/09/2022 11:25:00
The European Commission recently (28 September 2022) released its legislative proposal on AI liability, alongside a revised Product Liability Directive (PLD), aiming to bring the EU’s liability regime into the digital age.
New Retained EU Law Bill creates uncertainty for UK businesses29/09/2022 16:25:00
The UK Government has announced the introduction of a new Bill aimed at removing the retained EU legislation that exists in the UK legal system.
Report by The King’s Fund: “Interoperability is more than technology”29/09/2022 14:43:00
The King’s Fund’s latest report, Interoperability is more than technology: The role of culture and leadership in joined-up care, examines the long-standing challenges in overcoming silos and the culture issues that must be addressed.
Breaking down McKinsey's Report: Why digital trust truly matters29/09/2022 11:25:00
A recent McKinsey report has shared key findings relating to why digital trust matters for organisations.
Interoperability: the key to unlocking NHS data challenges28/09/2022 16:25:00
Integrated Care Systems (ICSs) are an essential ingredient of the NHS Long Term Plan, with England now served by 42 ICSs as of July 2022. The need to ensure that data flows readily and securely between central and regional organisations is vital.
Results of techUK Defence Programme elections announced26/09/2022 16:25:00
techUK is delighted to announce the results of the 2022 Defence Programme elections.