Topics In Demand
Notification
New

No notification found.

Request for Inputs: Consultation paper released by the UK Information Commissioner’s Office on International Data Transfers in the UK
Request for Inputs: Consultation paper released by the UK Information Commissioner’s Office on International Data Transfers in the UK

September 27, 2021

20

0

 Background

The UK Information Commissioners Office (ICO) has released a consultation paper on the regulatory regime governing international data transfers in and out of the United Kingdom (UK) under the UK GDPR (the UK law which implements the GDPR after Brexit).

Given that the UK has also left the EU, this paper signals that UK is willing to establish a data protection regime that, though still inspired by the GDPR, can take a different approach in some aspects. Accordingly, this paper presents a key opportunity to indicate reforms and desired outcomes from rules on transfer mechanisms, contractual clauses and risk assessments that would govern how data moves in and out of the UK, including to and from Indian processors and controllers.

Comments from Indian companies are likely to be valuable to the ICO, considering that it shall operationalise any future partnership / arrangements between the Governments of UK and India on cross-border data transfers. For context, the UK has listed India as a priority country to strike a data adequacy partnership with.

The consultation paper discusses the following:

  • Proposals and plans for updates to guidance on data transfers, including on the interpretation of relevant sections of the UK GDPR such as those on territorial applicability and on restrictions on data transfers
  • A transfer risk assessment tool for the purposes of carrying out risk assessments of routine international data transfers
  • A ICO model international data transfer agreement which is intended to be the equivalent of the Standard Contractual Clauses of the European Commission (SCCs) but for the UK territory (since, post Brexit, the SCCs do not apply to the UK).

The consultation paper presents multiple policy options and raises questions under each of the above. The paper contains specific fields for persons responding to choose between options and fill in their responses. The ICO is also generally seeking views on any relevant concerns that stakeholders may have on privacy rights or on legal, economic or policy considerations of its proposed approaches. The deadline for responding to the consultation paper is October 7th, 2021.

Request for inputs

We request members to send their choices on policy options presented, and responses to questions raised, in the consultation paper by the ICO by October 4th, 2021 to Varun@nasscom.in and cc to Apurva@nasscom.in by filling out the consultation paper provided by the ICO. We also request members to also forward the consultation paper and other documents to their legal teams and data protection officers for their inputs. We would also like to have any general feedback/comments beyond the questions listed. A copy of the consultation paper and other consultation documents are available here. 


That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


images
Varun Sen Bahl
Manager - Public Policy

Reach out to me for all things about data regulation, cybersecurity policy, and internet governance.

© Copyright nasscom. All Rights Reserved.