Data adequacy draft decision released
For those operating in the UK and EU/EEA, data adequacy will be welcome to aid the continuation of business without the burden of extra protections.
On 31 December 2020 the UK became a “third country” for the purpose of data transfers with the EU/EEA. This meant that, in the absence of an adequacy decision from the EU, protections would need to be put into place to protect the integrity of data flowing from the EU/EEA to the UK, usually by way of Standard Contractual Clauses.
The Trade and Cooperation Agreement (“TCA”) agreed between the UK and EU on 24 December 2020 fell short of containing an adequacy decision on personal data flowing from the EU/EEA to the UK. The TCA did, however, provide a commitment from the EU to complete the adequacy decision review and, in the meantime, the UK was to be deemed ‘adequate’ for the purpose of data protection for a period of four months from 1 January 2021 (subject to certain criteria and a possible extension).
On 19 February 2021 the EU Commission published a draft adequacy decision (“the draft decision”) for transfers of personal data to the UK under the General Data Protection Regulation (“GDPR”) in favour of the UK. This means the EU recognises that the UK ensures an essentially equivalent level of protection for the integrity of the data to the one guaranteed under the GDPR. This will not come as a great surprise for many given that EU law has moulded the UK’s data protection laws for many years.
What this means for insurance brokers depends very much on which operating model has been adopted. Certainly for those operating both in the UK and the EU/EEA, data adequacy will be a very welcome and positive step to aid the continuation of business without the additional burden of extra protections being required. The British Insurance Brokers Association (“BIBA”) 2021 Manifesto (“the Manifesto”) called for, and supports a data adequacy decision to ensure that insurance brokers can continue to help their EU customers. Specifically, the Manifesto states “The flow of data between the UK and EU on financial services is vital and we urge the Government to agree a long-term solution as a matter of urgency”.
Whilst the draft decision is subject to the opinion of the European Data Protection Board and a committee comprising EU member states representatives, there can be no doubt that this is most definitely a step in the right direction that will provide reassurance to businesses and insurance brokers alike.
This article first appeared in British Insurance Brokers' Association (BIBA) newsletter on 4 March 2021.