UK gets new status in global data privacy certification programme

July 08, 2023
UK gets new status in global data privacy certification programme The UK has become the first country in the world to be granted Associate status in the Global Cross Border Privacy Rules (CBPR) Forum. The Forum works to support international data transfers between member countries, safeguarding standards on data protection and privacy. Associate status in the Forum presents the UK with an opportunity to help drive co-operation with member nations including the United States, Canada, Mexico, Japan, the Republic of Korea, the Philippines, Singapore, Chinese Taipei, and Australia on international data flows. International data transfers and the need to move both customer and company details from one country to another are an inescapable part of modern global business transactions. In 2021, 93% of the UK’s services exports were data-enabled, meaning the trusted flow of data between countries is rapidly becoming an important contributor to economic growth. A practical approach is therefore an important focus for the government, as it works to help shape a global system which can encourage new innovations while ensuring the security of personal data as it moves across borders. Minister for Data and Digital Infrastructure, Sir John Whittingdale, said:
  • The UK’s association with the Global CBPR Forum is an important step in building a practical and functional system for global data transfers.
  • The safety and security of personal data as it moves between countries is paramount, so it’s vital that we work with our key international partners to design solutions that work for everyone.
  • The UK already has high data protection standards in place when it comes to international transfers, and we look forward to sharing our approach on the global stage alongside the CBPR Forum.
The Global CBPR system is a government-backed data privacy certification programme that companies can join to demonstrate compliance with internationally recognised data privacy protections. Many large multinational businesses have already been certified under the framework including Apple, IBM, and Mastercard, and it is one of the very few bodies which supports the secure flow of data across multiple countries, removing barriers and working towards a universal set of data transfer standards. Since leaving the European Union, the UK has seized the opportunity through the Data Protection and Digital Information Bill to create a new UK data rights regime. The legislation reduces burdens on business, supporting the Prime Minister’s priority to grow the economy, and unlocks new avenues for innovation across science and technology. In April 2022, the CBPR Forum was expanded beyond the Asia-Pacific region, and the UK is now the first jurisdiction to be accepted as an Associate, a new membership status recently created by the group. Before the UK’s official involvement was confirmed, in April the UK co-hosted a Forum workshop in London alongside the United States to explore how the CBPR system can be strengthened to work alongside the data privacy regimes of different countries.

Further Information