On August 11, 2021, the UK Information Commissioner’s Office (“ICO”) opened a public consultation to solicit stakeholder input regarding the UK’s approach to regulating international transfers of personal data under the UK General Data Protection Regulation (“UK GDPR”) (see here). To kick off this initiative, the ICO published a consultation paper setting out various policy options that the UK is considering, as well as:
- a draft set of contractual templates to facilitate transfers of personal data outside the UK, including: (1) a draft international data transfer agreement (“IDTA”); and (2) a draft international transfer addendum to be appended to the recently approved EU standard contractual clauses (“EU Addendum”); and
- a draft transfer impact assessment tool designed to help controllers and processors transferring personal data under the UK GDPR satisfy the requirements articulated by the Court of Justice of the European Union (“CJEU”) in the Schrems II decision (see here).
The ICO has requested that interested stakeholders submit their feedback by no later than October 7, 2021. In this blog post, we summarize these documents and tools, and identify topics that interested stakeholders may want to address when preparing their submission to the public consultation.