The Information Commissioner’s Office (ICO) has launched a public consultation on its draft international data transfer agreement (IDTA) and guidance. When organisations send personal information to a country outside the UK, they must ensure people’s data protection rights continue to be protected. An IDTA is a contract that organisations can use when transferring data to countries not covered by adequacy decisions.

The IDTA will replace the current standard contractual clauses (SCCs) to take into account the binding judgment of the European Court of Justice in a case commonly known as ‘Schrems II’. The ruling required organisations to carry out further diligence when making a transfer of personal data outside of the UK to countries without an adequacy decision.

The consultation is split into three sections, offering a selection of proposals and options to consider: proposal and plans for updates to guidance on international transfers; transfer risk assessments; and the international data transfer agreement.

The ICO is also asking for views on any relevant privacy rights, legal, economic or policy considerations and implications. Responses will help the regulator understand the practical impact of proposed approaches on organisations.

Steve Wood, ICO executive director of regulatory strategy, said: “The modern world involves increasing flows of personal data about citizens to deliver goods and services. Ensuring data is well-protected when transferred outside of the UK will be vital in maintaining people’s trust in the system. Our new IDTA is developed to ensure such protections are in place.”

He added that the new guidance has been designed to be accessible and offer support to all organisations, from SMEs without the benefit of large legal budgets to multi-national companies. The agreements aim to help organisations to continue to trade freely while ensuring the correct protections are in place before transferring people’s data.

“This consultation is important. We know how important it is for transfer tools to work in practice, and the ICO wants to support businesses in this area. The responses we receive will inform our final work and I encourage all organisations that undertake international transfers to engage with the consultation and provide feedback.”

Share Story: