The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) (No. 2) Regulations 2019

Sift requirements satisfied5th March 2019

Made6th March 2019

Laid before Parliament7th March 2019

Coming into force in accordance with regulation 1

The Secretary of State makes these Regulations in exercise of the powers conferred by section 8(1) of, and paragraph 21 of Schedule 7 to, the European Union (Withdrawal) Act 20181.

The requirements of paragraph 3(2) of Schedule 7 to that Act (relating to the appropriate Parliamentary procedure for these Regulations) have been satisfied.

Citation and commencement1.

These Regulations may be cited as the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) (No. 2) Regulations 2019 and come into force immediately before exit day.

Amendment of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 20192.

(1)

In paragraph 102 of Schedule 2 to the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 20192, paragraph 5 of the Schedule 21 to be inserted in the Data Protection Act 20183 by that paragraph is amended as follows,

(2)

After sub-paragraph (3) insert—

“(4)
A transfer described in the decision specified in sub-paragraph (2)(l) may only rely on sub-paragraphs (1)(e) and (3) and that decision for the purposes of paragraph 4(1) if, at the time of the transfer, the transferee’s privacy policy with respect to the type of personal data transferred includes a commitment to comply with the Privacy Shield Principles where the personal data is transferred from the United Kingdom.
(5)
In sub-paragraph (4), “the Privacy Shield Principles” means the Privacy Shield Principles set out in Annex II to the decision specified in sub-paragraph (2)(l) (including the Supplemental Principles).”.

(3)

Renumber the existing sub-paragraphs (4), (5) and (6) so that they become sub-paragraphs (6), (7) and (8) respectively.

(4)

In sub-paragraph (6) (as renumbered), for “(5) and (6)” substitute “(7) and (8)”.

Margot James

Minister of State

Department for Digital, Culture, Media and Sport

6th March 2019

EXPLANATORY NOTE

(This note is not part of the Regulations)

These Regulations are made in exercise of the powers conferred by section 8(1) of the European Union (Withdrawal) Act 2018 (c. 16) in order to address failures of retained EU law to operate effectively and other deficiencies (in particular under section 8(2)(d)) arising from the withdrawal of the United Kingdom (“UK”) from the European Union.

These Regulations amend the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (S.I. 2019/419) to reflect arrangements made for personal data to continue to be transferred from the UK to organisations in the United States of America participating in the Privacy Shield Framework, where the participating organisation’s privacy policy includes personal data transferred from the UK in its Privacy Shield commitments.

A full impact assessment has not been produced for this instrument as no, or no significant, impact on the private or voluntary sector is foreseen.