The U.K.'s data regulator is seeking feedback on a proposed replacement to a contractual mechanism for protecting the privacy of international data flows.
The Information Commissioner’s Office is asking for comments on a draft of the new international data transfer agreement until Oct. 7.
The agreement is replacing so-called standard contractual clauses that allow companies transferring personal data overseas to agree to privacy protections as part of a contract. The clauses are commonly used for compliance with the European Union’s data protection rules.
The U.K.'s post-Brexit proposal comes after the EU decided to let data flow freely between the bloc and its former member.
The Information Commissioner’s Office is updating its guidance on international transfers, to account for both Brexit and a European Court ruling that struck down another policy tool for data flows, the EU-U.S. Privacy Shield.
Companies that send personal data outside of the U.K. must also complete a transfer risk assessment to make sure the contractual agreement works as intended in the country where the data recipient is located, according to the data regulator. It’s similar to a directive from European privacy regulators to assess government surveillance in countries where their citizens’ data is headed, including the U.S.
The U.K. regulator is asking for views on relevant privacy rights, as well as legal, economic, or policy considerations and implications.
“We recognise the importance of international data flows to the UK’s digital economy and are committed to maintaining high standards of data protection for people’s personal information when being transferred outside of the UK,” the ICO said on its website.