ICO consults on rules to protect personal data internationally

The Information Commissioner’s Office (ICO) has launched a public consultation on its draft international data transfer agreement (IDTA) and guidance. When organisations send personal information to a country outside the UK, they must ensure people’s data protection rights continue to be protected. An IDTA is a contract that organisations can use when transferring data to countries not covered by adequacy decisions.

The IDTA will replace the current standard contractual clauses (SCCs) to take into account the binding judgment of the European Court of Justice in a case commonly known as ‘Schrems II’. The ruling required organisations to carry out further diligence when making a transfer of personal data outside of the UK to countries without an adequacy decision.

The consultation is split into three sections, offering a selection of proposals and options to consider: proposal and plans for updates to guidance on international transfers; transfer risk assessments; and the international data transfer agreement.

The ICO is also asking for views on any relevant privacy rights, legal, economic or policy considerations and implications. Responses will help the regulator understand the practical impact of proposed approaches on organisations.

Steve Wood, ICO executive director of regulatory strategy, said: “The modern world involves increasing flows of personal data about citizens to deliver goods and services. Ensuring data is well-protected when transferred outside of the UK will be vital in maintaining people’s trust in the system. Our new IDTA is developed to ensure such protections are in place.”

He added that the new guidance has been designed to be accessible and offer support to all organisations, from SMEs without the benefit of large legal budgets to multi-national companies. The agreements aim to help organisations to continue to trade freely while ensuring the correct protections are in place before transferring people’s data.

“This consultation is important. We know how important it is for transfer tools to work in practice, and the ICO wants to support businesses in this area. The responses we receive will inform our final work and I encourage all organisations that undertake international transfers to engage with the consultation and provide feedback.”

    Share Story:

YOU MIGHT ALSO LIKE


Cyber risk in the transportation industry
The connected nature of the transport and logistics industries makes them an attractive target for hackers, with potentially disruptive and costly consequences. Between June 2020 and June 2021, the transportation industry saw an 186% increase in weekly ransomware attacks. At the same time, regulations and cyber security standards are lacking – creating weak postures across the board. This podcast explores the key risks. Published April 2022.

Political risk: A fresh perspective
CIR’s editor, Deborah Ritchie speaks with head of PCS at Verisk, Tom Johansmeyer about the confluence of political, nat cat and pandemic risks in a world that is becoming an increasingly risky place in which to do business. Published February 2022.