UK government establishes UK-U.S. Data Bridge
Posted in Cybersecurity, Data Privacy

The United Kingdom has announced its decision to establish the UK-U.S. Data Bridge. The UK-U.S. Data Bridge will allow UK businesses and organizations to transfer personal data to organizations in the United States that have certified compliance with the UK Extension to the EU-U.S. Data Privacy Framework.

The announcement was made on September 21 by Michelle Donelan, the UK Secretary of State for Science, Innovation, and Technology.

Accompanying the announcement was a series of supporting documents, including the Data Protection (Adequacy) (United States of America) Regulations 2023, a fact sheet for UK organizations, an assessment of the UK Extension by the Information Commissioner’s Office, and a comprehensive analysis of the UK Extension by the UK Department for Science, Innovation, and Technology.

The UK-U.S. Data Bridge adequacy regulations took effect on October 12. This means that UK businesses can begin transferring personal data to certified U.S. organizations without the need for further safeguards. Those safeguards include those specified in Article 46 (such as binding corporate rules, the International Data Transfer Agreement, or the International Data Transfer Addendum to the European Commission’s Standard Contractual Clauses) and Article 49 (derogations for specific situations).

An organization that already participates in the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) and intends to extend its participation to cover the UK (and, as applicable, Gibraltar) would need to add the UK Extension either as part of its annual re-certification process or, if doing so outside of the annual re-certification process, add the UK Extension no later than six months from July 17, 2023.

As a reminder, the European Commission adopted its adequacy decision on July 10. Organizations that previously self-certified their commitment to comply with the predecessor EU-U.S. Privacy Shield Framework and wish to continue participation under the new E.U.-U.S. DPF had three months (until last week) to update their privacy policies to refer to the new framework. For more information about the EU-U.S. DPF, please see our previous blog post on the European Commission’s adequacy decision.

The Constangy Cyber Team assists businesses of all sizes and industries with implementing necessary updates to their privacy and compliance programs to address the constantly evolving regulatory landscape. If you would like additional information on how the EU-U.S. DPF and/or the UK Extension affect your business, please contact us at cyber@constangy.com.

TAGS: Cyber Team, CyberMonday, Cybersecurity, Data Bridge, Data Privacy, Global Security and Privacy, Privacy Shield Framework, UK-US Data Bridge, United Kingdom, United States
Facebook Twitter/X Linkedin Email

The Constangy Cyber Advisor posts regular updates on legislative developments, data privacy, and information security trends. Our blog posts are informed through the Constangy Cyber Team's experience managing thousands of data breaches, providing robust compliance advisory services, and consultation on complex data privacy and security litigation. 

Search

Get Updates By Email

Subscribe

Archives

Jump to Page

Constangy, Brooks, Smith & Prophete, LLP Cookie Preference Center

Your Privacy

When using this website, Constangy and certain third parties may collect and use cookies or similar technologies to enhance your experience. These technologies may collect information about your device, activity on our website, and preferences. Some cookies are essential to site functionality, while others help us analyze performance and usage trends to improve our content and features.

Please note that if you return to this website from a different browser or device, you may need to reselect your cookie preferences.

For more information about our privacy practices, including your rights and choices, please see our Privacy Policy. 

Strictly Necessary Cookies

Always Active

Strictly Necessary Cookies are essential for the website to function, and cannot be turned off. We use this type of cookie for purposes such as security, network management, and accessibility. You can set your browser to block or alert you about these cookies, but if you do so, some parts of the site will not work. 

Functionality Cookies

Always Active

Functionality Cookies are used to enhance the functionality and personalization of this website. These cookies support features like embedded content (such as video or audio), keyword search highlighting, and remembering your preferences across pages—for example, your cookie choices or form inputs during submission.

Some of these cookies are managed by third-party service providers whose features are embedded on our site. These cookies do not store personal information and are necessary for certain site features to work properly.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek