UK-to-US data transfers reopen under new compliance framework
Starting 12 October 2023, US companies can resume UK data transfers under the revamped UK Extension to the EU-US Data Privacy Framework.
US firms have the green light to recommence the transmission of personal information from the United Kingdom through a new compliance system. This newly established framework, the UK Extension to the EU-US Data Privacy Framework, requires eligible companies to adhere to privacy protections in line with the EU’s data privacy law. The framework streamlines data transfers, assigns new oversight responsibilities to regulators, and defines limits on US government surveillance. Over 800 companies, including Google and Microsoft, have already certified for the UK extension.
Firms engaging in this program can forego conducting individual impact evaluations for each data transfer, thereby presenting a more streamlined approach to European privacy compliance. Nonetheless, uncertainties persist regarding the framework’s viability and potential legal disputes. Despite these concerns, businesses are encouraged to partake in trans-Atlantic data transfers, given their pivotal role in international trade and nurturing trust across the Atlantic.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.