Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, what assessment she has made of the potential impact of foreign-owned technology platforms being subject to overseas jurisdictions on levels of UK data sovereignty; and what safeguards are in place to help prevent their use for intelligence-gathering purposes.

All organisations processing personal data in the UK must comply with the UK’s data protection framework, including the UK GDPR, regardless of where they are headquartered. This includes requirements that apply when personal data is transferred overseas, and organisations must ensure that appropriate safeguards are in place where required.

The UK has  world-leading investigation and enforcement capabilities to ensure that data is collected and handled responsibly and securely. The Information Commissioner’s Office has powers to investigate, issue fines and require corrective action where organisations fail to comply with the UK’s data protection framework, and individuals may seek redress if their data is misused.

As threats to UK data evolve our response will be agile and proportionate. We actively monitor threats to UK data and will not hesitate to take further action if necessary to protect our national security.