The UK has launched a new government council that will advise national leaders on the nation\u2019s international data transfers post-Brexit. The International Data Transfer Expert Council consists of some of the world\u2019s leading data experts and comes as part of the UK government\u2019s ambition to unlock the benefits of free and secure data flows after leaving the EU. However, whilst the opportunities of new cross-border data transfer agreements are plentiful, there are key data security, protection, and privacy implications to consider.Data transfer expert council members a diverse groupThe newly formed council includes global experts from civil society, academia, and industry with experience in a range of areas including healthcare, scientific research, artificial intelligence, and finance. Representatives from Google, Mastercard and Microsoft are among 20 experts attending the council\u2019s first meeting January 25. They will discuss the global opportunities and challenges for international transfers and how the UK can be a global leader in removing barriers to cross-border data flows. The council will then meet quarterly to discuss issues such as future data adequacy partnerships, the development of new data transfer tools, and how governments can work together to promote greater trust in sharing personal data for law enforcement and national security purposes.UK targets advantages of new international data transfer dealsThe UK government intends to strike new deals on personal data transfers with some of its key trading partners around the world as part of its National Data Strategy. Whilst organisations can use a range of mechanisms under current UK data protection law to transfer personal data to other countries, the council aims to better harness the power of data to boost economic growth, create jobs, and deliver new innovations for people and public services.The removal of barriers to international data flows will be key in here, providing more reliable, cheaper, and secure services, the government stated, adding that new data transfer agreements will build significantly on the annual \u00a383 billion of data-enabled UK service exports. \u201cRealizing the benefits of international data flows has never been more important,\u201d commented data minister Julia Lopez. \u201cWe want the UK to drive forward cutting-edge policies at home and overseas to ensure people, businesses, and economies benefit from safe and secure data flows.\u201dThe government has a list of countries it will prioritize for new data adequacy partnerships to ensure data protection standards mirror the UK\u2019s. These currently include the United States, Australia, the Republic of Korea, and Singapore.Kevin Tunison, data protection officer at Egress, tells CSO that more open international data sharing could unlock the potential of many businesses in the UK and abroad, encouraging innovation and lowering barriers to entry for startups. \u201cFledgling businesses have limited resources for gathering, or purchasing access to, data. Better data sharing would enable businesses to access and make use of global information lawfully, effectively lowering one of the barriers for young businesses, particularly in tech, that need access to information. Similarly, by providing access to UK data, it would level the playing field for entrepreneurs and businesses abroad who want to enter the UK market.\u201dSecurity and privacy implications of UK\u2019s international data transfer ambitionsThe advantages of new cross-border data transfer deals offer the potential of advancement and growth in several areas, but there will be important data security\/protection and privacy implications as a result, experts say. \u201cOne of the most serious security implications will be understanding the impact on the supply chain,\u201d says Tunison.The Department for Digital, Culture, Media and Sport (DCMS) recently proposed that the UK move to a purely risk-based framework for data transfers. \u201cThis would include the requirement for data transfers to be lawful based on security accreditations, such as IS027001. It would mean the risk assessments may focus on the technical function rather than, in GDPR terms, the impact on everyday citizens,\u201d says Tunison.As for privacy implications, there is a need to consider the overall risk appetite for businesses, Tunison adds. \u201cGDPR is now well-established, and businesses are used to working to this framework. Some businesses will be wary of any changes and the reaction they might generate from data subjects. The council should provide guidance to businesses and help them communicate the benefits of changes to data subjects.\u201dFor Tash Whitaker, global data compliance director at Whitaker Solutions Ltd, an important data protection implication is that UK data subjects will find that their data could be transferred to countries with less protection than is currently afforded to them in Europe and the UK. \u201cIf the UK starts brokering agreements to send data to countries with a lower level of protection, then data subjects will lose control of their data and the way it is used, and it is likely that the European Economic Area will withdraw the UK\u2019s own GDPR adequacy agreement.\u201dIndeed, opening up data sharing between countries risks an influx of lower quality data, agrees Tunison. \u201cThe council will need to consider this impact, and the measures to address information gathered via questionable or unlawful means, or data gathered with an obvious bias. Doing so will help guarantee the quality of data shared internationally,\u201d he says.