1. Insights /

Insights

BCLP Global Data Privacy FAQs: Can the new EU standard contractual clauses be used for transfers of personal data from the UK?

BCLP Global Data Privacy FAQs: Can the new EU standard contractual clauses be used for transfers of personal data from the UK?

8 July 2021
Download PDFDownload PDF
Print
Share

Summary

In short: no, not currently.

The European Commission recently adopted new standard contractual clauses (SCCs) for transfers of personal data from the EU to “third countries” (the “new SCCs”). In this post, we highlight key developments in the UK’s data protection regime relating to SCCs.

Can UK controllers and processors rely on the new SCCs?

The EU’s new SCCs were adopted after the expiry of the Brexit transition period. This means that they are not recognised by UK law as a means of providing “appropriate safeguards” for outbound international transfers of personal data regulated under the UK General Data Protection Regulation. There is no indication at present that either the UK government or the Information Commissioner’s Office intend to take action to address this position.

For the time being, UK controllers may continue to rely on the old EU SCCs when transferring personal data to third countries, including using them to document new transfers from the UK. The ICO has confirmed that organisations may amend the old EU SCCs to ensure they make sense when used for transfers from the UK, for example, by updating references to applicable legislation, or removing references to “the EU” or “Member States”. The old EU SCCs should not otherwise be amended, unless it is to add protections or deal with commercial matters in ways that do not dilute the protections provided.

What does the future hold?

It has been announced that the ICO intends to publish a UK-specific set of SCCs (the “UK SCCs”) for consultation in July 2021. Organisations conducting personal data transfers to third countries from both the UK and the EU should therefore keep developments under review over the summer period. Depending on timings, it is possible that such organisations may need to include both the EU’s new SCCs and the UK’s SCCs in future contracts.

“Championing the international flow of data” is one of the key missions underlying with UK’s National Data Strategy. Speaking at a conference organised by Privacy Laws & Business on 5 July 2021, the UK Minister of State for Media and Data, John Whittingdale, stressed the UK’s commitment to developing international transfer tools, including codes of conduct and certification, and to adopting adequacy decisions independently of the EU. This suggests we can expect to see significant developments in the UK’s data protection framework in the months ahead.

If you have any questions, please contact a member of BCLP’s Global Data Privacy and Security team.

Related Practice Areas

Data Privacy & Security 

  • Data Privacy & Security

Meet The Team

View All Related Professionals 

This material is not comprehensive, is for informational purposes only, and is not legal advice. Your use or receipt of this material does not create an attorney-client relationship between us. If you require legal advice, you should consult an attorney regarding your particular circumstances. The choice of a lawyer is an important decision and should not be based solely upon advertisements. This material may be “Attorney Advertising” under the ethics and professional rules of certain jurisdictions. For advertising purposes, St. Louis, Missouri, is designated BCLP’s principal office and Kathrine Dixon (kathrine.dixon@bclplaw.com) as the responsible attorney.