ARTICLE
4 October 2023

UK Government Approves Adequacy Of UK-US Data Bridge

KG
K&L Gates
Contributor
K&L Gates fosters an inclusive and collaborative environment across our fully integrated global platform that enables us to combine the expertise of our lawyers and policy professionals to create teams that provide exceptional client solutions. With offices spanning across five continents, we represent leading global corporations in every major industry.
The UK Government has laid adequacy regulations before Parliament that, once in force from 12 October 2023, will permit use of the UK – US "Data Bridge" as a safeguard...
Worldwide Privacy
To print this article, all you need is to be registered or login on Mondaq.com.

The UK Government has laid adequacy regulations before Parliament that, once in force from 12 October 2023, will permit use of the UK – US "Data Bridge" as a safeguard for personal data transfers from the UK to the US under Article 44 UK GDPR.

The UK – US "Data Bridge," AKA the UK Extension to the EU – US Data Privacy Framework (Framework), allows UK organisations to transfer personal data to organisations located in the United States that have self-certified their compliance with certain data protection principles and appear on the Data Privacy Framework List. This scheme, administered by the US Department of Commerce, provides a redress mechanism for data subjects in the European Union to enforce their rights under the EU General Data Protection Regulation, in relation to a participating US organisation's compliance with the Framework, and to US national security agencies' access to personal data. This new redress mechanism attempts to prevent a challenge to the Framework similar to the SchremsII case, which invalidated the Framework's predecessor EU – US Privacy Shield. Despite this, the Framework has already been the subject of a short-lived case at the Court of Justice of the EU, and there may be more legal challenges.

Alongside the adequacy regulations, the UK government published an analysis of the US laws relating to US national security agencies' access to the personal data of European data subjects. This analysis effectively completes the international data transfer risk assessment (TRA), which UK organisations have been required to carry out before transferring personal data to the US. It is likely that UK organisations relying on the other Article 44 UK GDPR safeguards, such as the International Data Transfer Agreement, may also rely on this analysis in place of completing a TRA.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

ARTICLE
4 October 2023

UK Government Approves Adequacy Of UK-US Data Bridge

Worldwide Privacy
Contributor
K&L Gates fosters an inclusive and collaborative environment across our fully integrated global platform that enables us to combine the expertise of our lawyers and policy professionals to create teams that provide exceptional client solutions. With offices spanning across five continents, we represent leading global corporations in every major industry.
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More