UK-to-US data transfers reopen under new compliance framework
Starting 12 October 2023, US companies can resume UK data transfers under the revamped UK Extension to the EU-US Data Privacy Framework.
US firms have the green light to recommence the transmission of personal information from the United Kingdom through a new compliance system. This newly established framework, the UK Extension to the EU-US Data Privacy Framework, requires eligible companies to adhere to privacy protections in line with the EU’s data privacy law. The framework streamlines data transfers, assigns new oversight responsibilities to regulators, and defines limits on US government surveillance. Over 800 companies, including Google and Microsoft, have already certified for the UK extension.
Firms engaging in this program can forego conducting individual impact evaluations for each data transfer, thereby presenting a more streamlined approach to European privacy compliance. Nonetheless, uncertainties persist regarding the framework’s viability and potential legal disputes. Despite these concerns, businesses are encouraged to partake in trans-Atlantic data transfers, given their pivotal role in international trade and nurturing trust across the Atlantic.