This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
| 2 minute read

The UK creates a data transfers brains trust, but can it do the impossible?

The UK has formed a new Government Council on international data transfers, comprising world-leading data privacy experts from legal, academic and industry backgrounds. In the announcement, the Data Minister, Julia Lopez, said: "We want the UK to drive forward cutting-edge policies at home and overseas to ensure people, businesses and economies benefit from safe and secure data flows".

The Council's main purpose is to advise on how the UK can become a global leader in removing barriers to cross-border data flows, enabling new 'adequacy' partnerships and developing new transfer tools. Front-and-centre is a commitment to developing public trust in how personal data is shared for law enforcement purposes.

The creation of the Council is part of the UK's 'National Data Strategy', which aims to use the UK's veritable technology and data credentials to boost economic growth, create jobs and become a leader in public service innovation. Of course, there is a trade angle too, which the UK Government discusses in more detail on its international data transfer information page. Australia, India and the United States are listed as 'priority' destinations for adequacy partnerships and notably are not countries that the EU has deemed 'adequate' under its own framework. The UK estimates significant value in developing data transfer relationships with these countries.

These announcements show the UK's desire to depart tentatively from the EU's own approach to adequacy and other data transfer protections. Reading between the lines, it’s clear that the UK sees the EU processes as cumbersome, a view which elicits some sympathy with given the time it took for new Standard Contractual Clauses to arrive (which don't even do the whole job) and the fact that some recent adequacy decisions were in the pipeline for more than three years. Businesses will also welcome a less restrictive transfer regime that reduces paperwork and uncertainty.

Yet the UK might become unstuck if by pursuing new arrangements it sacrifices the precarious ‘adequacy’ decision granted to it by the EU. Some members of the EU Parliament are vocally unhappy about the UK’s adequacy decision, mainly for law enforcement processing reasons. Diverging from clear EU mandates with respect to transfers to the US, for instance, may only serve to put backs up even further. A loss of the EU adequacy decision may set the UK back more than the gains it hopes to make from its new strategy.

Clearly the UK Government is hoping that its Council team of 20 super-brains can find a way to thread the needle here. This will be a very tall order, though. I recently attended a talk on the EU-US data transfer saga given by Max Schrems himself. During the talk, Max stressed that in his mind there was no solution to permit transfers from the EU to the US wholesale under the existing US government surveillance regime other than the adoption of a Federal ‘privacy law’ similar to the European regime. So just around the corner, then…

There are a range of mechanisms under current UK data protection law which organisations can use to transfer personal data to other countries, including standard contractual clauses and binding corporate rules. The Council will give advice on the development of new international data transfer tools and mechanisms and securing new data adequacy partnerships with other countries.

Subscribe to receive our latest insights - on the topics that matter most to you - direct to your inbox, at your preferred frequency. Subscribe here

Tags

data protection and privacy, it and digital, technology