As Japan becomes 'adequate' for data protection laws...will the UK soon become 'inadequate'?
On 23 January 2019, the European Commission and the Personal Information Commission of Japan, concluded a two-year-long dialogue and the adoption of the decisions recognising each other’s personal data protection systems as ‘equivalent’.
On 23 January 2019, the European Commission and the Personal Information Commission of Japan, concluded a two-year-long dialogue and jointly announced the adoption of the decisions recognising each other’s personal data protection systems as ‘equivalent’.
This means that businesses all over the EEA (which includes the UK…at least for the next 8 weeks..) can easily transfer personal data to Japan in a ‘frictionless’ exchange, without the need for safeguards that would apply to non-EU countries.
It is likely to be hugely beneficial to Japan and the EU but begs another question for the UK – will the UK be 'adequate' after 29 March this year?
Will the UK meet the adequacy test?
Upon Brexit the UK will cease to be an EU Member State and become a so-called ‘third country’. This is a serious concern because transfers of personal data from the EU to third countries are severely restricted.
While the UK has announced it will adopt all current adequacy decisions of the EU upon exit, the EU will need to assess the UK’s privacy framework as equivalent and has given no similar assurances. Indeed there are indications that the UK may well be considered 'inadequate' meaning transfers from the EU to the UK would require safeguards in place at least until the UK obtains its own 'adequacy' decision (which typically takes two years).
What does this mean for you?
If you currently receive personal data from the EU (including from other parts of your own business) you may need to ensure that you have safeguards in place prior to Brexit, to make sure that flow of data can continue. We can help with these. We have written up a short blog on what to consider here.
Contact
Mark Hickson
Head of Business Development
onlineteaminbox@brownejacobson.com
+44 (0)370 270 6000
Related expertise
You may be interested in...
Legal Update
Understanding the ICO's new fining guidance
Legal Update
ICO consultation on accessing care records: A legal perspective
Legal Update
Cyber-attacks in UK universities: Why failing to prepare is no longer an option
Legal Update
Artificial intelligence – shaping a sustainable future
Press Release
Spring Budget 2024: Browne Jacobson reaction
Legal Update
Not quite a blanket ban on mobile phones in schools: DfE guidance insights
On-Demand - Shared Insights
Shared Insights: Sexual safety in the workplace — how leaders can help to create a sexual safety culture
Legal Update
Progress on the Automated Vehicles Bill
Legal Update
Data protection in higher education: what to expect in 2024
Legal Update
The rise of AI in construction
Legal Update
Government foreshadows significant savings for public bodies as part of data protection overhaul
Legal Update
ICO consultation on transparency in health and social care
Legal Update
How to mitigate risk in disputes arising from AI use in technology projects
Opinion
Monitoring workers – ICO guidance
Legal Update
ICO consultation on fertility tracking apps
Published Article
UK: Legal issues with deepfakes
Legal Update
New guidance for employers on subject access requests published by the ICO
Legal Update
Ali Round 2 - High Court gives further guidance on causation and quantum for data breaches
Press Release
Browne Jacobson welcomes former ICO lawyer to support growing UK&I data privacy and tech practice
Legal Update
Update on data protection claims - Austrian Post Case
Press Release
Browne Jacobson launches specialist Ascensus programme for in house lawyers and business leaders
Opinion
Mopping up after a leak – how businesses can take steps to protect their confidential information
Legal Update
Cyber security and data breaches
Legal Update
Update on the Digital Services Act (“DSA”) – Important Dates and Deadlines Looming
Legal Update
Government publishes its proposals for expanding the Scope of the Network and Information Systems Regulations 2018
Legal Update
Protecting children and their data in the online environment
Published Article
Bruce Willis AI and the problem with deepfakes
A deepfake of Bruce Willis is advertising Russian mobile phones. Many great artistic and metaphysical questions are raised by this performance. However, this article is going to look at the intellectual property law implications, from a UK perspective.
Legal Update
DSA approved: Targeted Advertising Rules explained
Legal Update
Economic crime and cybercrime
It is clear that the digital landscape, often termed cyberspace, is a man-made environment, in which human behaviour dominates and where technology both influences and aids our role in it — through the internet, telecoms and networked computer systems, which are often interdependent. The extent to which any organisation is potentially vulnerable to cyber-attack depends on how well these elements are aligned.
Legal Update
Data reform in the UK
Since the UK left the EU and are now able to move away from the EU data protection regime, the UK government have implemented a national data strategy with the aim of reducing the burden on organisations but maintaining a high data protection standard.
Legal Update
Are local authority companies subject to the Freedom of Information Act 2000?
In this article we look at local authority companies and whether they are subject to the Freedom of Information Act 2000. And for those that are, what information are they legally obliged to submit.
Legal Update
Digital Markets Act and Data Platforms - FRANDs for life?
The Digital Markets Act (the “DMA”) joins the dots between competition law and data protection law and actively targets data-driven platforms. It is also a comprehensive regulation to take note of, with familiar GDPR-style fines tied to turnover.
Legal Update
Avoiding the pitfalls of WhatsApp
The use of social media platforms and applications can have overwhelmingly positive benefits for public bodies. However, regulatory action recently taken by the Information Commissioner, has highlighted various pitfalls that public bodies should seek to avoid if allowing staff to use social media as a communication tool.
Legal Update
ICO consultation on research provisions guidance
The data protection legislation (namely, the UK GDPR and Data Protection Act 2018) contain various provisions that deal with the processing of personal data for research purposes.
Legal Update
More good news for data controllers: High Court finds local authority not vicariously liable for the actions of social worker who went off on a "frolic of her own"
Published Article
Five top tips for strong data compliance in 2022
This article has five excellent top tips for strong data compliance in 2022, including; embracing near misses, leading from the top, outcomes-focused training, learning walks, consequences.
Legal Update
Stemming the tide of data breach claims: good news for data controllers
The cases summarised give considerable comfort to data controllers seeking to defend themselves against claims that relate to breaches arising as a result of a failure rather than a direct act and/or are based on assertions of damage or distress that are exaggerated, unsubstantiated or bear little relation to the breach itself.
Press Release
Reaction: Supreme Court rules in favour of Google
Legal Update
What are the requirements of cookie law
Cookies and similar technologies are a useful and often necessary tool for online businesses, but their use is governed by both the Privacy and Electronic Communications Regulations (PECR) and the GDPR.
Legal Update
Steps to take following a data breach: reporting, criminal charges and injunctions
Student and staff files will be full of personal data, much of which may be particularly sensitive such as health information (known under the data protection legislation as “special category” data).