Question to the Department for Digital, Culture, Media & Sport:

To ask Her Majesty's Government what assessment they have made of the impact of accepting transfers made under Asia-Pacific Economic Cooperation Cross-Border Privacy Rules on (1) the privacy rights of (a) UK citizens, (b) children, and (c) disadvantaged groups, and (2) the enforcement of data protection provisions under Section 123 of the Data Protection Act 2018.

The UK does not intend for Free Trade Agreements (FTAs) to provide a legal basis, as a matter of domestic law, for the cross border transfer of personal data.

The recently agreed UK–Japan Comprehensive Economic Partnership Agreement (CEPA), for example, does not provide for the onward transfer of UK citizens’ data using the Asia Pacific Economic Cooperation Cross Border Privacy Rules System (APEC CBPR). It also does not alter the UK’s existing protections as enshrined in the Data Protection Act 2018 and GDPR, including the age-appropriate design code provisions in the DPA.

The UK is committed to working with international partners to remove unnecessary barriers to international data flows. This includes promoting interoperability between international data protection frameworks, which must ensure personal data is appropriately safeguarded.