To ask Her Majesty's Government what assessment they have made of the likelihood of legal challenges from privacy advocates against transfers of personal data between businesses in the EU and the UK after 31 December.
Answered on
27 October 2020
At the end of the transition period, UK domestic law will treat EU (and wider EEA) states and institutions as adequate on a transitional basis for the purposes of the UK GDPR, so personal data can continue to flow from the UK to the EEA without further safeguards needing to be implemented.
In order for the free flow of personal data from the EEA to the UK to continue at the end of the transition period, we are seeking an adequacy decision from the EU under the GDPR. Our view is that the UK more than meets the ‘essentially equivalent’ adequacy test. However, if the EU has not made an adequacy decision in respect of the UK before the end of the transition period, there are alternative mechanisms which organisations in the EU/EEA can use to lawfully continue to send personal data to the UK from 1 January 2021. Standard Contractual Clauses (SCCs) are the most common legal safeguard and will be the relevant mitigation for most organisations.
These measures should address any potential risk of challenge from privacy advocates.