On 8 June 2023, US President Joe Biden and UK Prime Minster Rishi Sunak announced the US and UK had reached a commitment in principle to establish a UK/US “data bridge”.
From a UK GDPR perspective this new mechanism would be an extension to the EU-US Data Privacy Framework, which is currently being assessed by the European Commission under the EU GDPR. The European Commission is expected to issue an adequacy decision under the EU GDPR in relation to the EU-US Data Privacy Framework, which would permit data transfers from the EU to US organisations that certify for the scheme. This UK announcement would align the position under the UK GDPR with the EU GDPR for data transfers from the UK to US organisations that certify for the scheme.
UK Secretary of State for Science, Innovation, and Technology Chloe Smith and US Secretary of Commerce Gina M. Raimondo also issued a joint statement regarding the UK-US data bridge. This states the UK’s intention is to extend the EU-US Data Privacy Framework to the UK, which would be “subject to the UK’s data bridge assessment and further technical work being finalised, and dependent on the US designation of the UK as a qualifying state under Executive Order 14086.”
This commitment in principle is welcome news for organisations in both the US and the UK, particularly in light of ongoing uncertainties regarding international data transfers more broadly (including to the US) from an EU perspective under the EU GDPR.
In terms of next steps, the UK Government will continue to finalise its “data bridge assessment” as well as formally consulting with the Information Commissioner as required under the Data Protection Act 2018. We will be tracking these developments closely and will provide further details as they progress.
