The Department for Science, Innovation and Technology (DSIT) is located at 1 Victoria Street, London, SW1H 0ET, United Kingdom.

Dear Sir

I write regarding the document sent to me in response to my statutory request connected to the Justice and Security Act 2013 Section 13 review.

The statutory review by Sir Ouseley has been incorrectly treated as an information review when it concerns a different subject, as set out in the chaired review by David McVean of the Education Funding Agency (EFA), Reference: 2025-0012619 dated 11 April 2025, and the Deputy Director (Chair) correspondence dated 15 December 2021.

My original request concerned Education Records and Funding Details for Emily Catherine Newbold-Smith — clarification and escalation — and referenced the statement that the proposal submitted by Weald of Kent Grammar School in Tonbridge, Kent for an annexe provision for children had recently been approved. This reference was part of the request context. It should not be taken to imply that my daughter was present, enrolled, or directly involved. Any such implication would be incorrect and must be corrected.

There also appears to be no proper definition of the Stage 1 problem as required under the statutory review framework and the Independent Review of Children’s Social Care standards, including:

a) Sufficient information being made available to stakeholders to enable informed comment
b) Genuine engagement rather than procedural formality
c) Publication of consultation responses within twelve (12) weeks of consultation closing

I further note the contradiction with the Hastings Family Court position referenced by Judge Hollis, where the documents concerned were already alleged to be fraudulent.

Under ICO reference IC-159128-T3B1 (Gemma Gavey), the Information Commissioner’s Office confirmed the complainant’s right of appeal against the Department for Education. Despite this, the matter appears to have been allowed to drift.

1. Legal basis

• The UK’s data protection law comes from the UK GDPR (which mirrors EU GDPR) and the Data Protection Act 2018.
• Under UK GDPR, Chapter V, personal data can be transferred to another country if the UK ensures an adequate level of protection.

---

2. Adequacy decision

• The UK government (via the Secretary of State for DCMS) evaluates foreign countries to see if their laws provide data protection “essentially equivalent” to UK standards.
• If so, the country is granted an adequacy decision, which is a legal declaration published officially.

---

3. Effect of adequacy

• Once a country (or the EEA collectively) is deemed adequate:
  • No extra contractual safeguards are needed for transfers.
  • Companies can move personal data freely.
• This is legally binding, but it does not impose technical security obligations beyond what the destination country already requires.

---

4. Alternatives if no adequacy

• If a country is not adequate, UK law requires:
  • Standard Contractual Clauses (SCCs) – legal contracts guaranteeing protection.
  • Binding Corporate Rules (BCRs) – for internal transfers within multinational companies.
  • Explicit consent from data subjects for transfer.

---

5. Why it’s called a “loophole”

• The adequacy decision is a legal shortcut: it avoids extra contracts, paperwork, or checks.
• But it doesn’t physically enforce security. If a company in an adequate country mishandles data, the UK law can hold them accountable after the fact, but the transfer itself is already legal.

---

• Trying to get lawful help.
• Historic Child Safeguarding Concerns: What You Need to Know
• Request for Manual Review of Channel Termination
• Nothing to Fear from Mandelson
• Communication with Sir Mark Rowley the MET