U.K.-U.S. Data Bridge to Come Into Effect
In June of this year, the U.K. and U.S. reached a preliminary agreement to effectuate a cross-border data transfer mechanism known as the U.K.-U.S. Data Bridge. On September 21, 2023, the U.K. government and the U.S. Secretary of State announced the two countries were officially moving forward with the Data Bridge. The Data Bridge comes on the heels of the E.U.-U.S. Data Privacy Framework, which was adopted in July of this year.
The U.K.-U.S. Data Bridge acts as an extension of the E.U.-U.S. Data Privacy Framework, enabling companies who are self-certified through the E.U.-U.S. Data Privacy Framework to also receive and transfer U.K. personal data without having to utilize other transfer mechanisms such as standard contractual clauses or binding corporate rules. The Data Bridge will come into full effect on October 12, 2023.
The Data Bridge was promulgated with the intent to loosen data transfer restrictions between the U.S. and U.K., while also ensuring the safety and security of U.K. personal data. That said, the future of the Data Bridge may be on shaky grounds. The E.U.-U.S. Data Privacy Framework has been under fire since its announcement. Max Schrems and his non-profit NOYB (the driving forces behind the previous annulments of the Privacy Shield) released a statement in July claiming a “CJEU challenge [is] ready to be filed.” In early September of this year, French MP Phillippe Latombe filed an application to annul the Framework. The current status of this application is unknown, but litigation and adjudication on the topic could take several months.
Although the future of the E.U.-U.S. Data Privacy Framework and, by proxy, the U.K.-U.S. Data Bridge are uncertain, they still remain viable cross-border transfer mechanisms open to U.S. organizations. To read more about the E.U.-U.S. Data Privacy Framework, read our blog on the topic, available here.