This Week in Privacy: 22 February 2021
February 22, 2021
EU: Commission publishes UK adequacy decision
The European Commission published its draft adequacy decisions for transfers of personal data to the UK under the GDPR and the Law Enforcement Directive.
The Commission highlighted that it had carefully assessed the existing regime governing personal data protection in the UK in reaching its conclusion that the UK does ensure an essentially equivalent level of protection to that guaranteed under the GDPR. Věra Jourová, Vice-President for Values and Transparency, said that, while the UK had left the EU, it had not left the European privacy family. Jourova further highlighted that clear and strict mechanisms in terms of both monitoring and review, suspension or withdrawal of the decision had been incorporated in order to address any future issues that may arise.
The European Data Protection Board will now be asked to provide its opinion on the draft decisions, before moving to a further review by a committee of Member State representatives.
USA: Florida and Utah follow other states in proposing privacy laws
Whilst Virginia is poised to become the next State to pass a privacy law, Florida and Utah have become the latest States to introduce bills to regulate the protection the privacy.
In Utah, the Consumer Privacy Act and Commercial Email Act was introduced to the State Senate. The bill would provide for consumer rights such as the right to access, correct, and delete certain personal data, as well as the right to opt out of the collection and use of personal data for certain purposes. Moreover, the bill would require business to provide clear information to consumers regarding how their personal data are used and require business to maintain data protection assessments.
You can stay up to date on all State proposals as they happen through OneTrust DataGuidance's State Law Tracker.
ADGM: ADGM enacts Data Protection Regulations 2021
The Abu Dhabi Global Market announced that it had enacted the Data Protection Regulations 2021, following its public consultation.
The regulations introduce several provisions in relation to:
- individuals' rights;
- Data Protection by Design and by Default;
- records of processing activities;
- data protection officer appointment and tasks;
- breach notification;
- data transfers; and
- vendor management.
The ADGM highlighted that the regulations propose a 12 month transition period for current establishments, and six months for new establishments, to commence from 14 February 2021.