On January 12th, a landmark commitment was forged between the UK and U.S. governments during the first-ever UK-U.S. Comprehensive Dialogue on Technology and Data. This pivotal meeting set the stage for policymakers to establish clear goals and action plans for the year ahead, including the finalization and implementation of a data bridge between the two nations. Fast forward exactly 10 months to October 12th, and the UK-U.S. Data Bridge officially went into effect. Below is a breakdown of what is included in the agreement and what this means for our small business members and the app economy at large.
What is a data bridge?
“Data bridge” is a term used to describe the approved transfer of personal data from one country to another without additional safeguards. It facilitates the free and secure exchange of personal data from the country of origin to other countries, fostering business growth, enabling vital research, and promoting science and innovation. By reducing barriers to data sharing, data bridges also benefit consumers by potentially enhancing service quality and reducing costs.
When setting up a data bridge, there’s a checklist that needs to be considered: how well the other country protects personal data, adheres to the rule of law, respects human rights, and whether they have an effective regulatory system.
UK-U.S. agreement
The UK-U.S. Data Bridge streamlines the transfer of personal data from UK organizations to certified counterparts in the United States, cutting through red tape and easing costly hurdles. At the same time, it ensures the protection UK individuals enjoy under the UK General Data Protection Regulation (GDPR) is fully maintained when their personal data crosses the Atlantic. However, it’s important to note that data bridges aren’t reciprocal. For example, when it comes to the agreement between the UK and the United States a free flow of data from the United States to the UK is not permitted.
The Data Bridge also potentially eliminates the need for UK organizations to assess risks related to U.S. surveillance laws and practices when transferring data. The UK government’s detailed evaluation of U.S. practices has played a crucial role in establishing trust in the data protection levels maintained during transatlantic transfers.
In conclusion
The U.K.-U.S.-EU data transfer triangle is a crucial piece of the global data transfer landscape and essential for the success of our global membership. Just as we did with the EU-U.S. Data Privacy Framework (DPF), we welcome the adoption of the UK-U.S. Data Bridge and look forward to ensuring the continued protection of data and restoring seamless data flows between the two regions.
Stay tuned for a “How to self-certify” guide for the UK-U.S. Data Bridge and learn more about how to self-certify under the EU-U.S. DPF here.