The UK government has officially joined a European agreement designed to facilitate trans-Atlantic commercial data transfers with the United States. This agreement, referred to as a “data bridge,” allows the UK to align itself with the EU-US Data Privacy Framework, which became effective in July.
By doing so, the UK avoids the need to negotiate a separate commercial data flow agreement under the General Data Protection Regulation (GDPR) terms. This development is significant because data transfers outside GDPR-governed countries necessitate agreements ensuring an adequate level of privacy protection.
The agreement, set to take effect on October 12, is estimated to support annual data-enabled trade worth at least £79 million. It simplifies data transfers for British businesses, enabling them to bypass more cumbersome methods like standard contractual clauses and binding corporate rules when sending data to the US. Moreover, it eliminates the requirement for organizations to conduct risk assessments before data transfer.
This decision follows the US attorney general’s designation of the UK as a ‘qualifying state’ under Executive Order 14086, aligning the UK’s measures with those sought by the EU to determine adequacy for the EU-US Data Privacy Framework.
While this agreement streamlines data transfers for now, experts caution about its long-term viability, citing past legal challenges to similar frameworks, such as the Safe Harbor Framework and the Privacy Shield, which were both invalidated by the European Court of Justice.