top of page


  • Tech Journalist

The EU and US data transfer ruling is still shaky

Data reasonably influence digital business variance, and the EU-US data transfer issue is still hanging for decision. Unlike the previous deeper dive, we took the UK online safety bill, which changed, but the format remained straightforward. The data transfer agenda is holding a privacy shield for more than 5,400 businesses deepened on cross border transmissions. It may seem like an easy fix by letting the data pass fluently, but monitoring and filtering remain.

The privacy shield binned previously by the EU court had an arrangement between the political bloc and the US, which triggered legal confusion. A report has been published concerning the international data transfer agreement (IDTA), which clearly states guidelines for the restricted transfer of personal data outside the UK.

IDTA also contains safe measures concerning effective and enforceable data subject right along with transfer data rules. Restricted transfer applied to personal data transfer along with guidelines for data receivers. A limited transfer is barred from sending in countries not covered by UK adequacy regulations.

Standard Contractual Clauses seem like an easy fix for the current issue, but they are not implemented correctly. The transaction should be pretty simple as there are lots of ongoing connections. Why is data transfer becoming an issue? Former Secretary of State for DCMS Oliver Dowden is considering options towards GDPR in the upcoming months. The European Commission posted SCCs that listed Court requirements along with 'supplementary measures' businesses must take.

Recommendations 01/2020 on EU level of protection of personal data, published on 18th June 2021, graphed exciting statistics for us to explore.

It said (56), "If you have put in place effective supplementary measures, which combined with your chosen Article 46 GDPR transfer tool reach a level of protection that is now essentially equivalent to the level of protection guaranteed within the EEA: you may proceed with your transfers."

Core fundamental remains the same, but a change of ruling made the process quite complex.

Annex to the commission implementing decision put out clause to make the process straightforward along with specific guideline of data limitation, transparency, accuracy, data minimization, storage limitation, processing security, sensitive data, onward transfers, precision and a few other essential points. It shows how clear the vision is, but the issue remains to be settled.

The General Data Protection Regulation (GDPR) and post-Brexit Britain, UK GDPR is trying to tie up the matter as soon as possible to avoid a collision or future losses that businesses may face. Harvard Kennedy School Belfer Center for science and international affairs published a report back in July 2021 on the data sharing between the United States and the European Union, discussing the impact of the scherm's II decision and future considerations received further data. The report said, "Data Sovereignty is the concept that nation-states can assert control and legislative jurisdiction over data in their territory on behalf of their citizens." It also said, over 100 countries have some form of data sovereignty policy at the moment that falls directly under jurisdiction.

To complete IDTA, sender/ exporter in the case of UK GDPR, receiving end should be separate legal person or organisation to the sender/exporter. For more than two parties to enter into the IDTA, there may be mandatory clauses for change. IDTA should work on behalf of the user's intent with more than one importer or exporter. For the transfer to be legal, someone can be nominated to decide on everyone's behalf by a multi-party IDTA.

Also, to make the transfer as lawful as possible, according to 15.1(a), it is required to have legally binding requests from public or judicial authority under the laws of the destination country.

bottom of page