Cross-border data transfers have long been the lifeblood of global business, enabling innovation, efficiency, and ­international collaboration. But as ­geopolitical tensions rise and regulatory approaches diverge, the legal frameworks underpinning these transfers face unprecedented strain. The balance between protecting individual privacy and facilitating global business is increasingly difficult to maintain, and businesses are caught in the middle.

The UK’s evolving data protection regime, the changing dynamics of privacy frameworks in other countries, and the potential recalibration of adequacy decisions all contribute to a rapidly shifting environment. Will the UK Data (Use and Access) Bill (the DUAB) affect the long-term sustainability of the UK’s EU adequacy status? Can the EU/UK-US Data Privacy Framework (DPF) and GDPR appropriate safeguards withstand the pressures of a changing environment? Does the UK government’s apparent willingness to adopt a more flexible approach to third-country adequacy signal a possible departure from the EU’s more conservative stance? Below we examine these key developments and their potential to reshape global data flows, and provide our practical recommendations on what businesses can do to stay ahead of evolving requirements.