On Thursday, 21 September, the Department of Science, Innovation and Technology (DSIT) published the Data Protection (Adequacy) (United States of America) Regulations 2023 (regulations) for the UK Extension to the EU-US Data Privacy Framework (DPF).
In accordance with section 17A of the Data Protection Act 2018, the regulations signify that the United States provides an adequate level of protection of personal data for transfers.
The UK-US Data Bridge will come into force on 12 October 2023. It means that businesses in the UK will be able to transfer personal data to participating US organisations certified under the UK Extension to the DPF without the need for additional safeguards.
Today's announcement follows the agreement in principle reached in June.
Additional commentary and insight from IAPP Research and Insights Director Joe Jones, who worked on the project during his time as Deputy Director of International Data Transfers at the Department for Digital, Culture, Media & Sport (DCMS).
In related news, the US Department of Justice Office of Privacy and Civil Liberties has added the UK as a qualifying state in terms of implementing the redress mechanism established in Executive Order 14086. This means UK citizens can petition the redress mechanism once the UK-US Data Bridge takes effect.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 4,350 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.