¾«Æ·¹ú²ú×ÔÏßÎçÒ¹¸£Àû

We use cookies to collect and analyse information on site performance and usage to improve and customise your experience, where applicable. View our Cookies Policy. Click Accept and continue to use our website or Manage to review and update your preferences.


EU planning to renew British data decision
Pic: Unsplash
24 Jul 2025 data law Print

EU planning to renew British data decision

The European Commission has proposed the renewal of two decisions that provide organisations based in the EU with a legal basis for transferring personal data to Britain.

EU law allows the transfer of personal data outside the European Economic Area (EEA) only if such a third country is considered to have laws essentially equivalent to those that safeguard personal data inside the EEA.

Lawyers from Pinsent Masons point out that, where such an ‘adequacy decision” has been issued, data transfers between the EU and the third countries are automatically considered to comply with EU data-protection laws.

Standards ‘essentially equivalent’

In 2021, the commission issued two adequacy decisions on Britain, to enable compliant personal data transfers from the EU under the GDPR and the EU’s Law Enforcement Directive, respectively, after Brexit.

These adequacy decisions are due to expire on 27 December 2025.

The EU body has, however, now issued in which it says that it continues to assess Britain’s data-protection standards as being “essentially equivalent” to those in force in the EU.

It has proposed to renew its British adequacy decisions for a period of six years.

2025 act assessed

According to Pinsent Masons, the commission’s assessment of Britain’s data -protection framework included a review of the recently enacted (DUAA), which provides for some divergence from the EU in some areas of data-protection law.

Malcolm Dowden, a data-protection expert at the firm, says that the draft decision confirms that, on all points considered potentially risky for Britain during the initial parliamentary debates on the legislation – such as changes to the rules relating to automated decision-making and the new corporate structure of Britain’s data-protection authority, the ICO – British law continues to give adequate protection.

“The draft decision is also more positive than its predecessor in relation to law-enforcement processing, broadly approving the safeguards provided by Investigatory Powers Act 2016,” he adds.

The commission’s draft adequacy decisions have to be formally approved by representatives of EU governments and are also subject to a non-binding opinion of the European Data Protection Board (EDPB).

Dowden concludes that the draft decision’s publication so quickly after royal assent for the DUAA should provide British businesses and organisations operating in Britain and other jurisdictions with “a strong indication” that the decision is likely to be approved and adopted ahead of the 27 December 2025 deadline.

Gazette Desk
Gazette.ie is the daily legal news site of the Law Society of Ireland
Copyright © 2025 Law Society Gazette. The Law Society is not responsible for the content of external sites – see our Privacy Policy.