“Business as usual” for UK-EU data protection transition in 2020.  

By Gail E. Crawford and Susan Mann

On 29 January 2020, the EU Parliament approved the UK Withdrawal Agreement after the UK Parliament’s ratification via the EU Withdrawal Act 2020 on 23 January 2020 (Withdrawal Agreement). The Withdrawal Agreement maintains the UK pre-Brexit position and clarifies that the GDPR continues to apply in the UK during the transition period (between 1 February 2020 and 31 December 2020, or any extension agreed by UK and EU), allowing both sides to negotiate the future data protection relationship. The ICO confirmed that the GDPR will continue to apply, and that during the transition it will be “business as usual”.

The provisions of the UK GDPR will be incorporated directly into UK law from the end of the transition period, and will sit alongside the current UK Data Protection Act 2018. At the end of the transition period, there will be the current EU GDPR as well as a UK GDPR. The Withdrawal Agreement includes technical amendments to the current GDPR, so that it will work in a UK-only context.

The European Commission adopted its adequacy decision for Japan on 23 January 2019, opening the doors for personal data to flow freely between the two major global economies.

By Fiona M. Maclean and Laura Holden

The Adequacy Decision

Following two years of dialogue between the European Union (EU) and Japan, the European Commission (EC) adopted its mutual adequacy decision (Decision) for Japan on 23 January 2019. As noted in the EC’s press release, the decision is effective immediately.

Japan now joins a list of select jurisdictions recognised as adequate by the EC, notably: Andorra, Argentina, Canada (for private entities only), Faeroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, and the United States (EU-U.S. Privacy Shield). The Decision is the first of its kind adopted since the General Data Protection Regulation (GDPR) became applicable in May 2018.