On 8 June 2023, US President Joe Biden and UK Prime Minster Rishi Sunak announced the US and UK had reached a commitment in principle to establish a UK/US “data bridge”.

From a UK GDPR perspective this new mechanism would be an extension to the EU-US Data Privacy Framework, which is currently being assessed by the European Commission under the EU GDPR. The European Commission is expected to issue an adequacy decision under the EU GDPR in relation to the EU-US Data Privacy Framework, which would permit data transfers from the EU to US organisations that certify for the scheme. This UK announcement would align the position under the UK GDPR with the EU GDPR for data transfers from the UK to US organisations that certify for the scheme.  

UK Secretary of State for Science, Innovation, and Technology Chloe Smith and US Secretary of Commerce Gina M. Raimondo also issued a joint statement regarding the UK-US data bridge. This states the UK’s intention is to extend the EU-US Data Privacy Framework to the UK, which would be “subject to the UK’s data bridge assessment and further technical work being finalised, and dependent on the US designation of the UK as a qualifying state under Executive Order 14086.”

This commitment in principle is welcome news for organisations in both the US and the UK, particularly in light of ongoing uncertainties regarding international data transfers more broadly (including to the US) from an EU perspective under the EU GDPR.

In terms of next steps, the UK Government will continue to finalise its “data bridge assessment” as well as formally consulting with the Information Commissioner as required under the Data Protection Act 2018. We will be tracking these developments closely and will provide further details as they progress.


Ben advises clients in a wide range of industry sectors, focusing in particular on data protection compliance, including healthcare, financial services, adtech, video games, consumer and business-to-business organisations. Ben regularly assists clients with global data protection compliance projects and assessments as well as specific data protection challenges such as international transfers and data security breaches. Ben is also regularly involved in drafting and negotiating data protection clauses in agreements for various clients in a wide range of industry sectors. Ben also regularly advises clients on electronic direct marketing and cookies.