TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout


Among the many topics top of mind for privacy pros at the IAPP Data Protection Intensive: UK in London is proposed reforms to the UK General Data Protection Regulation and the future of transborder data flows. This comes as the U.K.'s post-Brexit international data transfers agreement officially went into force Monday and negotiations around the current trans-Atlantic impasse continue behind the scenes. 

A day after U.K. Information Commissioner John Edwards made his first major public speech since his January appointment, Department of Digital, Culture, Media and Sport Director James Snook joined keynote panelists Ruth Boardman of Bird & Bird, Hogan Lovells Partner Eduardo Ustaran, CIPP/E, and IAPP Chief Knowledge Officer Caitlin Fennessy, CIPP/US, Thursday for a wide-ranging discussion on U.K. reforms, including potential adequacy agreements, prospects for increased data localization, and, relatedly, the chances of a replacement for the EU-US Privacy Shield arrangement.

With U.S. President Joe Biden in Brussels Thursday for discussions with NATO allies on a response to Russia's war against Ukraine, some rumors are swirling that a Privacy Shield replacement may be announced soon. Though there's been a slow drip of news stories that an agreement is pending in recent weeks, details for an agreement remain vague. 

While Thursday's keynote panels were on stage discussing U.K. reforms and transfers, Politico reported that "Political pressure from senior political leaders on both sides of the Atlantic, including European Commission President Ursula von der Leyen, is mounting to approve a new Privacy Shield pact as early as this week with technical details to be smoothed out over the coming weeks." 

Though the devil will certainly be in the details, separate talks between the U.K. and U.S. are also ongoing. The DCMS's Snook said the U.K. government is "having constructive conversations" with their U.S. counterparts and noted that both sides, as well as the EU, "share similar priorities." 

Privacy Shield replacement negotiations aside, Snook said data is a global issue and that there's a responsibility on governments to create a better and more sustainable structure to facilitate global data flows. 

For the U.K., data protection law reforms means it is walking a fine line between reforming the U.K. General Data Protection Regulation while continuing to keep its adequacy status with the EU.

Ustaran suggested people should "relax a bit" about adequacy. It's "not something you play with," he said, adding, "it's not a bargaining chip." He said there is a long tradition of data protection in the U.K. and that the direction of reform still moves in the same direction as the EU. Other countries, he said, have been trying to achieve adequacy for years, but during Brexit, the U.K. was still able to gain adequacy. "My message to you," he said, "is don't worry so much about adequacy. It's not going to go. There are much bigger problems in the world than losing adequacy, and it's not at risk in the way that people appear to think." 

Snook, who was part of the adequacy assessment negotiations during Brexit, said the U.K. government "is not naïve about the benefits of EU adequacy to all the organizations represented in this room and particularly the EU organizations who are actually the primary beneficiaries of adequacy." He added that he thinks there "is a problem if we are operating under a global system that expects identical data protection laws because that doesn't reflect the differing values and differing legal systems and differing constitutional regulatory systems in differing countries." He stressed the importance of adding to the list of adequate nations because the burdens and uncertainty on industry is "just too great." 

Notably, Snook also said the U.K. will not wait for the EU to decide on adequacy before the U.K. government does. "Certainly don't expect us to just be following after" the EU, he said. 

As the U.K. sets out to reform its post-Brexit data protection law, Bird & Bird's Boardman highlighted two key things industry is looking for from the U.K. government. "First," she said, "don't make the situation worse. Don't add to the uncertainty, bureaucracy and the complications by unique, bespoke U.K. solutions which add bureaucracy without benefit."

Secondly, she said these reforms are an opportunity "to show there is a better way to do this." Though it won't be easy, she conceded, "it is an important objective to show that you can more meaningfully protect individuals in a way that is less bureaucratic and which allows for the benefits that go with global data transfers." 

Credits: 1

Submit for CPEs


If you want to comment on this post, you need to login.