Further to the joint announcement in June by UK Secretary of State for Science, Innovation, and Technology and the US Commerce Secretary of their intention to create a UK-US data bridge (please see our blog for further details), the UK government has passed a Regulation establishing a UK-US data bridge. The data bridge comes in the form of an extension to the EU-US Data Bridge Privacy Framework (the DPF) and will come into force on 12 October.
Although the DPF was approved by the European Commission in July, transfers of personal data from the UK to the US could not rely on this due to the UK’s exit from the EU. The UK therefore had to craft a standalone arrangement with the US to guarantee that personal data transferred from the UK to the US is adequately protected. The implementation of the UK extension to the DPF will enable UK businesses to securely transfer personal data to US organizations that have certified under the DPF and “opted-in” to receiving data from the UK.
The UK-US data bridge will likely be welcomed by British businesses, as it aims to simplify transatlantic data transfers, reducing the need for administratively burdensome compliance regimes, such as transfer impact assessments (TIAs).
We will provide a further update with a comparison of the UK extension to the DPF and the UK International Data Transfer Agreement but, in the meantime, please refer to our tables comparing the DPF with both the 2016 EU-US Data Privacy Shield and EU Standard Contractual Clauses, for more information on the DPF.