To bring this back to the topic at hand:

FB moving UK users to US means UK GDPR and exceptions / specifics in the DPA 2018 will apply.

Key Qs: How will that diverge from EU? Post-transition ability / appetite to enforce? Legal backstop if enforcement absent or ineffective? https://twitter.com/TrialByTruth/status/1339139332188286979
Bear in mind that the government views UK’s ability to diverge on Data Protection as a competitive advantage. https://twitter.com/TrialByTruth/status/1338775463263690755?s=20
In contract terms, if your business has any dealings with EU residents and leverages FB as part of user interaction (that includes pretty universal FB cookies and trackers you need to check for) you will need to consider Schrems II and however UK lands on US adequacy
If US continues to be a 3rd country for EU and UK, if personal data will be transferred to, monitored by, or accessed from US, you need Standard Contractual Clauses in and whatever EU and UK deem adequate supplementary measures.

How much is enough? Entirely context specific.
EDPB guidance on supplementary measures (consultation ends 21st Dec) https://edpb.europa.eu/our-work-tools/public-consultations-art-704/2020/recommendations-012020-measures-supplement-transfer_en

Recommendations on assessing "essential equivalence" of destination country controls https://edpb.europa.eu/our-work-tools/our-documents/recommendations/edpb-recommendations-022020-european-essential_en

and draft of new EU SCCs https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/12741 consultation finished.
Have your say

https://edpb.europa.eu/our-work-tools/public-consultations-art-704/2020/recommendations-012020-measures-supplement-transfer_en
Existing SCCs that are approved by the ICO, remain valid for a year. If necessary use them as the new ones won't be in place for 1st Jan. https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-transfers/#ib6

To prep do a Transfer Impact Assessment to confirm scope (see previous tweet for details in EDPB guidance.
International transfers

The GDPR imposes restrictions on the transfer of personal data outside the European Union, to third countries or international organisations.

https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-transfers/#ib6
UK isn't expected to diverge significantly from EU benchmarks initially.

However, if the UK breaks from EU to offer the US a Privacy Shield-ish adequcy compromise, this will all change.
You can follow @TrialByTruth.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:
Those who think consciousness raising & movement building are disconnected, or even a distraction from electoral politics have not paid attention to the history of social change.In this thread, we
Read more
The 2020s will be known as the Remote Work decadeA few predictions of what is likely to emerge[ a thread ] Third Space: Office and Working from Home will
Read more
1/29: Have you ever had a concept explained to you that helps frame complex issues you’ve been wrestling with and opens your eyes to new possibilities? A concept that I
Read more
By continuing to use the site, you are consenting to the use of cookies as explained in our Cookie Policy to improve your experience.