The UK regulatory situation is constantly changing with reflections on the protection of personal data UK adequacy decision Last adopted by the European Commission on 28 June.
The Commission’s decision provided stability to a long period of uncertainty due to the fact that, from 1 January 2020, the transfer of personal data in the UK was governed by the Interim and Provisional Regime.
Thanks for the adequacy assessment, EU and EEA businesses and organizations can transfer personal data to the UK without additional measuresThis greatly simplifies the burden on businesses and ensures the continuity of the transfer of personal data from the EU to the UK.
However, the decision provided for a “sunset clause”, which limits the term of the decision to four years and provides mechanisms for continued monitoring of the local legal framework. Therefore, should the Commission verify that the level of protection is no longer guaranteed, it can suspend, repeal or modify the decision.
Therefore any changes within the country’s legal system are the subject of special attention and subject to scrutiny by EU bodies and have consequences for all companies located within the union that do business with the United Kingdom.
Data protection promoted by EU Commission, United Kingdom: green light for data transfer
Data protection: UK reform proposal
On 10 September the British Government published Some reform proposals regarding the protection of personal data, to clarify aspects that still cause uncertainty and to create a system more conducive to development and innovation, while wishing to maintain high levels of data protection.
The text of the reforms is subject to public consultation until 19 November 2021.
Oliver Dowden, Secretary of State for Digital, Culture, Media and Sport, said: “Now that we have left the European Union, we have the freedom to create a new data regime: a regime that harnesses the power of data across all sectors of the ‘economy’. and society, for the benefit of British citizens and businesses, while maintaining high standards of data security”.
The reforms outlined in this proposal are aimed at:
- strengthen the UK’s position as a scientific superpower by simplifying the use of data by researchers and developers of AI and other cutting-edge technologies;
- To harness the unprecedented and life-saving use of personal data to combat the COVID-19 pandemic;
- Achieve UK status as a global hub for free and responsible data flow by forging new trade deals and partnerships with some of the world’s fastest growing economies;
- strengthen the responsibility of businesses to protect personal information, giving them the opportunity to grow and innovate;
- Ensuring that ICOs remain a major global regulator, allowing people to use data responsibly to achieve economic and social goals.
The protection of personal data of individuals is a central objective of the reforms, because, according to the Secretary of State, without the trust of businesses and citizens, the UK risks losing the benefits that a company could enjoy based on responsible use of data. These reforms will protect individuals’ personal data, ushering in a new “golden age” of development and innovation across the country.
In the document, the government acknowledges that There should be a flexible and dynamic set of data protection rules which are flexible enough to be interpreted quickly and clearly to adapt to the rapidly changing world of data-driven technologies.
Clarify data protection laws
Reforms will therefore need to provide greater clarity in data protection legislation to ensure that the laws keep pace with the development of state-of-the-art data-driven technologies. The potential improvements set out in the document are intended to create greater certainty for companies about when and how they can use personal data responsibly, and to ensure that laws more accurately reflect people’s expectations of their How data is processed and when should they be actively lending. Agreement.
According to the document, the current UK regime will be overly complex, as the UK GDPR contains a large number of texts that act as explanatory guides or explanatory guides to articles of law that, while providing valuable information on the interpretation of the rules, They are not part of the operational text in legal terms and their content is not fully reflected in the main body of the UK GDPR.
As a result, companies may be reluctant to adopt an interpretation of the law that is based on reading texts that are not supported by correspondence in the text of the standard. Therefore the government proposes to transfer some of the text to the articles of the law itself.
The proposals to provide greater clarity in the legislation will complement the work already underway by ICOs to provide concrete guidance and support on how to implement the rules, thus protecting companies from developing innovative data-driven products and services. It will help you to achieve your goal. Customer and consumer trust.
Taking advantage of global data sharing is essential
In the context of the international flow of personal data, the UK Government reaffirms that improving public safety is a central objective, as is a commitment to strengthen the protection of citizens through deeper cooperation with international law enforcement partners. In fact, he believes it is essential that the United Kingdom be able to take advantage of the benefits of global data sharing to effectively protect citizens and attract more investors to the country.
The government therefore seeks to create an autonomous framework for international transfer, reflecting the UK’s independent approach to data protection and supporting its broader objectives relating to trade and security.
The aim that the UK Government seeks to pursue with the proposed reforms is to be able to evaluate the adoption of more flexible, innovative and reliable mechanisms to protect personal data when transferred abroad.
To achieve this, the government aims to: Effectively use methods to assess the adequacy of data, which allows the government to recognize that data protection standards in another jurisdiction are sufficient to eliminate the need for additional security measures and improve alternative tools that facilitate personal data flow.
Currently UK law considers the EU member states and EEA states, EU institutions, twelve countries that the EU had already assessed to be sufficient before Brexit and Gibraltar. The government intends to add more countries to the list, carrying out a comprehensive program of suitability assessment, aimed at providing UK companies with a simple and secure mechanism for the international transfer of personal data.
On 26 August, the government identified some priority areas in its assessment of the adequacy of the law: the United States, Australia, the Republic of Korea, Singapore, the Dubai International Finance Center and Colombia.
These assessments and any decisions will be closely watched by the European Union Commission, which, in adopting the adequacy decision in favor of the United Kingdom, stated that any changes to the terms, including international decisions and agreements regarding data transfer outside the United Kingdom, would be Monitoring has been carried out to verify that the level of protection provided to the personal data of EU citizens is maintained and if there are changes that cause a deviation from the level of protection that existed at the time of the decision. If so, intervene immediately.
Data transfer adequacy decision for US and UK: cornerstone of EU parliament
Fundamental Role of Certificates
In a framework aimed at simplifying the obligations aimed at protecting personal data and making them clear and easily enforceable by companies, ICO plays a fundamental role and is doing a great job of supporting companies in a tangible way. .
On 19 August 2021 the Information Commissioner’s Office (ICO) approved the first criteria for the three certification schemes under Article 42(5) of the UK GDPR.
The certification was introduced under the UK GDPR as a way to help demonstrate compliance with data protection regulations and, in turn, inspire trust and confidence in those who use its products, processes and services. Huh.
Therefore certification provides a framework for companies to adhere to and provides assurance to customers that they are adhering to strong standards.
The ICO has approved the following schemes:
- ADISA ICT Asset Recovery 8.0 Certification. Responsible IT Tools for Data Removal Service Providers: IT Asset Disposal Services experts have developed a standard that ensures that personal data is handled appropriately when IT tools are reused or destroyed.
- Age Check Certification Scheme (“ACCS”)ACCS Scheme is designed for verification in matters of access to products or services for which age limit has been prescribed.
- Age Appropriate Design Certification Scheme (AADCS). The scheme identifies age-appropriate design criteria for children to protect children’s online privacy and is based on the Children’s Code.
Companies that meet the standards set forth in these certification schemes can gain a competitive advantage and demonstrate that they have the highest level of data security compliance commitment to their customers, partners and investors.
Facial recognition and video surveillance: other news
On the subject of video surveillance and facial recognition, the UK is updating codes of practice, which will be supervised for possible effects on the adequacy decision. The new text governs the use of surveillance systems by police and local authorities, and includes guidelines on live facial recognition.
These technologies can be extremely invasive and can lead to mass surveillance and will certainly be subject to careful scrutiny by the Commission and the European Parliament.
@All rights reserved
Organizer. Zombie aficionado. Wannabe reader. Passionate writer. Twitter lover. Music scholar. Web expert.