UK devising EU-alternative mechanism for global data sharing

The mechanism will replace the soon-to-be invalid EU standard contractual clauses

The UK’s data regulator is working on developing its own transfer mechanism for businesses intent on sharing data internationally, which many businesses will eventually come to rely on now Britain has left the EU.

From this summer, the Information Commissioner’s Office (ICO) will be consulting with organisations and other data protection practitioners on replacing the EU's standard contractual clauses (SCCs) currently in place.

SCCs are a mechanism the EU devised to allow organisations to lawfully and securely transfer personal data from member states to those countries outside of the bloc, where data adequacy agreements have yet to be established.

UK businesses are still allowed to use these EU-created SCCs, despite the UK having moved beyond the Brexit transitionary period. However, the EU is currently drafting a new form of SCCs, set to launch later this year, which will replace the current mechanisms and will be invalid for international transfer from the UK.

To address this, the ICO is planning to issue its own form of transfer mechanism this year that will match the EU’s in terms of compliance and security, and ensure data can continue to flow without disruption.

“I think we recognise that standard contractual clauses are one of the most heavily used transfer tools in the UK GDPR, and we’ve always sought to help organisations use them effectively with guidance,” said Steve Wood, the ICO’s deputy commissioner and executive director for regulatory strategy.

“What I can confirm today is the ICO is working on bespoke UK standard clauses for international transfers, and we intend to go out for consultation on those in the summer. We’re also considering the value to the UK for us to recognise transfer tools from other countries, so standard data transfer agreements, so that would include the EU’s standard contractual clauses as well.”

Wood revealed the ICO’s plans at its Data Protection Practioner’s Conference during a panel discussion. He was joined by several others, including its COO and deputy CEO Paul Arnold, as well as director for regulatory strategy (international), Paula Hothersall.

Related Resource

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

cost of a data breach report 2020 - whitepaper from IBMDownload now

With the UK’s data-sharing terms with the US under much debate too, and speculation rife about how this relationship may evolve, Hothersall revealed the current arrangements with the US are unchanged from those in place prior to Brexit.

There are, however, conversations between the ICO and its counterparts abroad as to whether data protection authorities can establish some common ground, or a set of core principles, to achieve a degree of interoperability in the future.

Hothersall added that the ICO is engaging with groups such as the Global Privacy Assembly and the OECD to find areas of agreement.

Although the UK has secured a provisional data adequacy decision, there are concerns within the EU as well as among privacy campaigners that the UK will seek to diverge from GDPR in a meaningful way.

Specifically, campaigners have expressed concern the UK will seek to align more closely with the US, where data protection laws are less stringent and allow for more invasive surveillance.

Featured Resources

Defeating ransomware with unified security from WatchGuard

How SMBs can defend against the onslaught of ransomware attacks

Free download

The IT expert’s guide to AI and content management

How artificial intelligence and machine learning could be critical to your business

Free download

The path to CX excellence

Four stages to thrive in the experience economy

Free download

Becoming an experience-based business

Your blueprint for a strong digital foundation

Free download

Recommended

The IT Pro Podcast: Navigating Brexit data transfers
data protection

The IT Pro Podcast: Navigating Brexit data transfers

5 Feb 2021
Border force reliant on 26-year-old tech due to digital upgrade delay
digital transformation

Border force reliant on 26-year-old tech due to digital upgrade delay

9 Dec 2020
UK data laws after Brexit: Your questions answered
General Data Protection Regulation (GDPR)

UK data laws after Brexit: Your questions answered

30 Oct 2020
COVID-19 and Brexit are rendering AI models redundant
Data & insights

COVID-19 and Brexit are rendering AI models redundant

23 Sep 2020

Most Popular

Zoom: From pandemic upstart to hybrid work giant
video conferencing

Zoom: From pandemic upstart to hybrid work giant

14 Sep 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Google takes down map showing homes of 111,000 Guntrader customers
data breaches

Google takes down map showing homes of 111,000 Guntrader customers

2 Sep 2021