‘User-friendly’ is the name of the game in ICO’s draft international data transfer agreement

EU SCCs can still be used with a UK Addendum for transfers that could be subject to the UK GDPR, the EU GDPR, or both. By Emma Erskine-Fox of TLT LLP.

On 11 August 2021, the Information Commissioner’s Office (ICO) launched its hotly-anticipated consultation on the UK’s new standard contractual clauses for international personal data transfers(1) . This comes in the wake of the European Commission (EC) recently finalising updated EU standard contractual clauses (EU SCCs), following the Schrems II judgment in July 2020. Post-Brexit, the UK can approve its own standard contractual clauses under the UK General Data Protection regulation (UK GDPR), as the EU SCCs were not automatically approved for use by organisations subject to the UK GDPR.

Those of us who were expecting to be talking about the “UK SCCs” for the next few months will have to get used to new terminology; the ICO has named its set of clauses a template “international data transfer agreement” (IDTA) instead. The purpose of the document is, however, exactly the same; namely, to update the currently approved SCCs for transfers of personal data subject to the UK GDPR.

Continue reading

UK Report subscribers please login to access the full article.

If you wish to subscribe please see our subscription information.