BCLP Global Data Privacy FAQs: Can the new EU standard contractual clauses be used for transfers of personal data from the UK?

Summary

In short: no, not currently.

The European Commission recently adopted new standard contractual clauses (SCCs) for transfers of personal data from the EU to “third countries” (the “new SCCs”). In this post, we highlight key developments in the UK’s data protection regime relating to SCCs.

Can UK controllers and processors rely on the new SCCs?

The EU’s new SCCs were adopted after the expiry of the Brexit transition period. This means that they are not recognised by UK law as a means of providing “appropriate safeguards” for outbound international transfers of personal data regulated under the UK General Data Protection Regulation. There is no indication at present that either the UK government or the Information Commissioner’s Office intend to take action to address this position.

For the time being, UK controllers may continue to rely on the old EU SCCs when transferring personal data to third countries, including using them to document new transfers from the UK. The ICO has confirmed that organisations may amend the old EU SCCs to ensure they make sense when used for transfers from the UK, for example, by updating references to applicable legislation, or removing references to “the EU” or “Member States”. The old EU SCCs should not otherwise be amended, unless it is to add protections or deal with commercial matters in ways that do not dilute the protections provided.

What does the future hold?

It has been announced that the ICO intends to publish a UK-specific set of SCCs (the “UK SCCs”) for consultation in July 2021. Organisations conducting personal data transfers to third countries from both the UK and the EU should therefore keep developments under review over the summer period. Depending on timings, it is possible that such organisations may need to include both the EU’s new SCCs and the UK’s SCCs in future contracts.

“Championing the international flow of data” is one of the key missions underlying with UK’s National Data Strategy. Speaking at a conference organised by Privacy Laws & Business on 5 July 2021, the UK Minister of State for Media and Data, John Whittingdale, stressed the UK’s commitment to developing international transfer tools, including codes of conduct and certification, and to adopting adequacy decisions independently of the EU. This suggests we can expect to see significant developments in the UK’s data protection framework in the months ahead.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Bryan Cave Leighton Paisner | Attorney Advertising

Written by:

Bryan Cave Leighton Paisner
Contact
more
less

Bryan Cave Leighton Paisner on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.