UK: DSIT publishes report on sustainable international data transfers framework
On November 20, 2023, the Department for Science, Innovation and Technology (DSIT) published a report titled 'Towards a sustainable, multilateral, and universal solution for international data transfers' prepared by the International Data Transfers Expert Council (the Council). In particular, the report provides a framework for the development of a global system for data transfers.
Characteristics of a sustainable international data transfers solution
According to the report, a sustainable and universally acceptable data transfers framework should, among other things:
- have strong political endorsement;
- be risk-based;
- be accountability-based;
- be interoperable and focused on outcomes;
- consist of multiple transfer mechanisms;
- follow incentive-based enforcement; and
- be scalable.
Notably, the report recommends actions that can be taken in the short, medium, and long term, to develop a global framework for international data transfers that balance data protection with the benefits of cross-border data flows. Specifically, the report recommends that the UK government and the international community should:
- address challenges related to international data transfers while promoting the benefits of data transfers in areas such as online safety for children, cybersecurity, and artificial intelligence (AI) algorithm development;
- promote trusted government access to personal data held by the private sector based on the Organisation for Economic Co-operation and Development's (OECD) Trusted Government Access Principles (TGA Principles);
- promote organizational accountability as a basis for trustworthy international data transfers;
- develop international data transfer technical standards and codes of conduct;
- promote the concept of 'data free flow with trust' in multilateral fora and encourage the adoption of mechanisms promoting scalability of the TGA Principles to non-signatory countries;
- prioritize bilateral data bridge agreements and collaboration with entities like the EU and the US to facilitate the flow of personal data based on trust;
- redevelop the Global Cross Border Privacy Rules (CBPR) system to make it a more widely accepted basis for a multilateral solution; and
- dedicate resources to solving challenges in international data transfers.
Finally, the report states that the Council would collaborate with the UK Government to implement the abovementioned recommendations.