Asked by: Chris Bloore (Labour - Redditch)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what steps he is taking to help ensure that the personal data of UK citizens held by UK companies but stored on US-based servers is protected from access under (a) the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001 and (b) other US legislation; and whether he plans to take steps to increase data sovereignty protections.
Answered by Ian Murray - Minister of State (Department for Science, Innovation and Technology)
Under UK data protection laws, UK organisations must ensure personal data is appropriately protected when transferred internationally. The UK has an adequacy decision for certain transfers to the US, which assessed US government access laws and practices. Where adequacy cannot be relied upon, organisations must use alternative safeguards, such as contractual clauses.
The UK believes complex issues like data security and digital governance are best addressed through transparent, inclusive multi-stakeholder engagement. The UK remains committed to working with international partners via recognised global mechanisms to promote shared understanding and responsible behaviours, while supporting UK-based data-driven businesses to innovate and grow.