General Data Protection Regulation (GDPR)
,
Geographic focus: United Kingdom
,
Geospecific
Agreement says organizations do not need to assess risk before transferring data
The British government on Thursday signed a European agreement facilitating transatlantic data trade flows with the United States and told Parliament that the United Kingdom will agree to a Brussels-led agreement that allows American companies such as Facebook and Google to store European data. .
See also: Live Webinar | Cyber Resilience: Recovery from a Ransomware Attack
Leveraging the EU-US Data Privacy Framework through what the government calls a “data bridge”, that is, a full acceptance of the framework, which came into force in July: Westminster avoids having to negotiate a separate commercial data flow agreement under the terms of the General Data Protection Regulation. The United Kingdom incorporated European privacy law into its internal statute in 2018 before breaking away from the trading bloc.
Data transfers outside of countries governed by the GDPR, in the absence of specific authorization, such as through a contract, require an ongoing agreement with foreign countries attesting that the countries have an adequate level of privacy protection.
UK Secretary of State Michelle Donelan approved the agreement, which will enter into force on October 12. The data bridge underpins annual data-driven trade worth at least £79 million, according to UK estimates.
The agreement means that British companies, like their continental counterparts, will not have to rely on more cumbersome standard contractual clauses or binding corporate rules when transferring data to the US. The agreement also removes obligations on organizations to carry out risk assessments before transferring data.
Days earlier, the United States attorney general designated the United Kingdom as a “qualified state” according to Executive Order 14086which implemented the measures requested by Brussels to make an adequacy determination with the US before approving the EU-US Data Privacy Framework. USA
Donelan’s approval follows that of the UK and US in June reached a commitment in principle.
Experts warn that the long-term prospects of the EU-US Data Privacy Framework They are not very good, given that the Court of Justice of the European Union annulled its two predecessors: the Safe Harbor Framework in October 2015 and the Privacy Shield in July 2020. Challenges have already been filed against the framework. The data transfer mechanism is “not likely to be a lasting solution,” Jonathan Armstrong, a partner at Cordery Compliance who oversees European privacy law, told Information Security Media Group earlier this year (see: European Parliament rejects EU-US data framework).
Discover more from PressNewsAgency
Subscribe to get the latest posts sent to your email.