Last Month in Privacy: February 2021
March 02, 2021
EU: Commission publishes UK adequacy decision
International data transfers continued to be at the forefront of discussions, and this time as a result of the European Commission's draft adequacy decisions for transfers of personal data to the UK under the GDPR and the Law Enforcement Directive.
Whilst still in draft stage, and with a review by the European Data Protection Board and a committee of Member State representatives still to come, the decision would have a significant impact on the way data flows from the EU to the UK are handled. In reaching its conclusion that the UK provided an 'essentially equivalent' level of protection to that guaranteed under the GDPR, the Commission highlighted that while the UK had left the EU, it had not left the European privacy family. The Commission further highlighted that clear and strict mechanisms in terms of both monitoring and review and suspension or withdrawal of the decision had been incorporated in order to address any future issues that may arise.
- Watch our webinar: UK Adequacy: The Future of Data Transfers for reaction and analysis
USA: States continue to introduce privacy bills
Whilst Virginia is poised to be the next State to pass a privacy law through the Consumer Data Protection Act, which is only awaiting the signature of the Governor, there were bills proposed across the US including in Alabama, Florida, Illinois, Massachusetts, Minnesota, Oklahoma, Utah, Vermont, and Washington. The bills address the protection of privacy to varying degrees, and include a wide variety of provisions and requirements regarding data subject rights, impact assessments, privacy notices and enforcement.
- OneTrust DataGuidance is closely tracking each of the bills as they move through their legislative process, so check out our State Law Tracker
EU: Council agrees position on ePrivacy Regulation, final text to be agreed with Parliament
There was more big news out of Europe last month, and this time in relation to the proposed ePrivacy Regulation, which has been under debate for a number of years. After attempts from several Presidencies of the Council of the European Union to reach an agreement, the Portuguese Presidency announced agreement had been struck. The proposals would overhaul the existing regime under the current ePrivacy Directive, including in relation to cookies, consent, as well as include rules regarding online identification and unsolicited and direct marketing. The Presidency will now commence negotiations with the European Parliament on the final text of the Regulation.
- Track and understand developments through our ePrivacy Regulation Portal