On November 20, 2023, the Department for Science, Innovation and Technology (DSIT) published a report titled 'Towards a sustainable, multilateral, and universal solution for international data transfers' prepared by the International Data Transfers Expert Council (the Council). In particular, the report provides a framework for the development of a global system for data transfers.

Characteristics of a sustainable international data transfers solution

According to the report, a sustainable and universally acceptable data transfers framework should, among other things:

• have strong political endorsement;
• be risk-based;
• be accountability-based;
• be interoperable and focused on outcomes;
• consist of multiple transfer mechanisms;
• follow incentive-based enforcement; and
• be scalable.

Key recommendations

Notably, the report recommends actions that can be taken in the short, medium, and long term, to develop a global framework for international data transfers that balance data protection with the benefits of cross-border data flows. Specifically, the report recommends that the UK government and the international community should:

• address challenges related to international data transfers while promoting the benefits of data transfers in areas such as online safety for children, cybersecurity, and artificial intelligence (AI) algorithm development;
• promote trusted government access to personal data held by the private sector based on the Organisation for Economic Co-operation and Development's (OECD) Trusted Government Access Principles (TGA Principles);
• promote organizational accountability as a basis for trustworthy international data transfers;
• develop international data transfer technical standards and codes of conduct;
• promote the concept of 'data free flow with trust' in multilateral fora and encourage the adoption of mechanisms promoting scalability of the TGA Principles to non-signatory countries;
• prioritize bilateral data bridge agreements and collaboration with entities like the EU and the US to facilitate the flow of personal data based on trust;
• redevelop the Global Cross Border Privacy Rules (CBPR) system to make it a more widely accepted basis for a multilateral solution; and
• dedicate resources to solving challenges in international data transfers.

Finally, the report states that the Council would collaborate with the UK Government to implement the abovementioned recommendations.

You can read the press release here and the report here.