Some post-Brexit positivity: EU grants the UK data protection adequacy decision.

Jorja Knight June 29, 2021

With the June 30th deadline only days away, it was announced yesterday that the UK had been granted an ‘adequacy’ status by the European Union. Jorja Knight, Head of Legal at PromoVeritas, explains why the decision is a positive one for those running promotions.

This ends a long period of concern about the flow of data from the UK to the EU/EEA as the adequacy decision provides for a free flow of data. “The decisions mean that UK businesses and organisations can continue to receive personal data from the EU and EEA without having to put additional arrangements in place with European counterparts”.

The EU press statement found here says the UK’s data protection system continues to be based on the same rules that were applicable when the UK was a Member State of the EU. The UK has fully incorporated the principles, rights and obligations of the GDPR and the Law Enforcement Directive into its post-Brexit legal system.

The sticking point has been the UK authorities use of personal data, and sensitive data, relating to criminal activities and offences. This hurdle was overcome by a second adequacy decision on the same day, called the Law Enforcement Directive. The wider GDPR principles are woven through this decision and if you feel like reading 52 pages, you will need to download it from the link in the EU press statement above.

This is a big step forward. We expected an adequacy decision to take longer. It means;

We can be less pedantic, on this issue, when we review Data Processing Agreements and Privacy Polices, as data can flow between us and EU/EEA clients / consumers in relation to promotions.
The UK GDPR principles and the Data Protection Act 2018 still safeguard privacy rights, but we can move away from the ‘standard contractual clauses’ for EU/EEA services which were the band-aid many were relying on.

However, as before, any international transfers of data to locations without an adequacy decision will mean, at a minimum, that there is extra diligence in information security checks and that reliance on standard contractual clauses will continue.

For clear advice from our legal team about ensuring your promotions comply with the relevant data protection regulation or how to avoid some of the complexities that Brexit has brought to marketing campaigns contact us on 0203 325 6000 or info@promoveritas.com

« Can influencer marketing damage your brand? Brewdog: The Daily Mail’s Money section asks PromoVeritas where their “Solid Gold Can” prize promotion went wrong? »

Cookie	Duration	Description
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-non-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Non Necessary".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Type	Duration	Description
_ga	0	1 year	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, camapign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assigns a randoly generated number to identify unique visitors.
_gat_UA-15728851-3	0	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gid	0	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.
bcookie	0	1 year	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
bscookie	1	1 year
csrftoken	0	11 months	This cookie is associated with Django web development platform for python. Used to help protect the website against Cross-Site Request Forgery attacks
GPS	0	30 minutes	This cookie is set by Youtube and registers a unique ID for tracking users based on their geographical location
IDE	1	1 year	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
ig_did	1	1 year
ig_nrcb	0	1 year
lang	0		This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
li_sugr	0	2 months
lidc	0	1 day	This cookie is set by LinkedIn and used for routing.
lissc	0	1 year
mid	0	1 year	The cookie is set by Instagram. The cookie is used to distinguish users and to show relevant content, for better user experience and security.
test_cookie	0	11 months
u	0	2 months
UserMatchHistory	0	1 month
VISITOR_INFO1_LIVE	1	5 months	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	1		This cookies is set by Youtube and is used to track the views of embedded videos.