Oct 42023

The Finalization of the UK-U.S. Data Bridge

William RM Long, Alan Charles Raul and Lauren Kitces
, , , ,

On September 21, 2023, the UK and the U.S. announced the UK extension to the EU-U.S. Data Privacy Framework (DPF), which will come into effect on October 12. A new UK adequacy regulation provides that the UK Secretary of State for Science, Innovation and Technology has determined that the U.S. provides adequate levels of protection for personal data in certain transfers and brings the UK within the DPF announced in July 2023. The U.S. Attorney General also designated the UK as a “qualifying state” under an Executive Order on September 18 for the purposes of the DPF. This means that on October 12, UK businesses will be able to transfer personal data to U.S. organizations self-certified under the DPF.

Watch the webinar here.

Join Sidley and OneTrust DataGuidance in a discussion with key players in international data transfers, including:

  • Morgane Donse, Deputy Director, International Data Flows, Department for Science, Innovation and Technology
  • Alex Greenstein, Director, Privacy Shield, Office of Digital Services Industries, Industry and Analysis, U.S. Department of Commerce, International Trade Administration
  • Neema Singh Guliani, Deputy Assistant Secretary for Services, U.S. Department of Commerce
  • Lauren Kitces, Senior Managing Associate, Privacy and Cybersecurity, Sidley (Washington, D.C.)
  • William Long, Partner and Global Co-Leader, Privacy and Cybersecurity, Sidley (London)
  • Alan Raul, Partner and Global Co-Leader, Privacy and Cybersecurity, Sidley (Washington, D.C.)

Key topics will include:

  • A discussion of significant points and implications of the new UK-U.S. Data Bridge
  • What organizations should know about the new UK-U.S. Data Bridge
  • Strategies for data transfers from the UK

This post is as of the posting date stated above. Sidley Austin LLP assumes no duty to update this post or post about any subsequent developments having a bearing on this post.

William RM Long

London

wlong@sidley.com

Alan Charles Raul

Washington, D.C., New York

araul@sidley.com

Lauren Kitces

Washington, D.C.

lkitces@sidley.com

You might also like
Top 10 Questions on the EU AI Act

The EU AI Act will be the first standalone piece of legislation worldwide regulating the use and provision of AI in the EU, and will form a key consideration in AI governance programs. The AI Act will have a significant impact on many organizations inside and outside the EU, with failure to comply potentially leading to fines of up to 7% of annual worldwide turnover.

EU Formally Adopts Cyber Law for Connected Products

On 12 March 2024, the European Parliament approved the EU Cyber Resilience Act (“CRA”) with a large majority of 517-12 votes in favor of the legislation (with 78 abstentions). The CRA aims to ensure that “products with digital elements” (“PDE”) i.e., connected products such as smart devices, and remote data processing solutions, are resilient against cyber threats and provide key information in relation to their security properties.

Chambers 2024 Global Practice Guides for Data Protection & Privacy and Cybersecurity
The newest editions of the Chambers Global Practice Guides have been published and, once again, Sidley lawyers have contributed to two guides: Data Protection & Privacy 2024 and Cybersecurity 2024. These publications cover important developments across the globe and offer insightful legal commentary for businesses on issues related to data privacy and cybersecurity, such as regulatory enforcement and litigation, global cooperation to combat cybercrime, international agreement on ‘Software Security by Design,’ a global approach to policy on artificial intelligence, and more. Sidley partner Alan Charles Raul is a contributing editor to both guides in addition to authoring the introductions. The UK chapters of Cybersecurity 2024, covering “UK Law and Practice” and “UK Trends and Development” were authored by Sidley lawyers William Long, Francesca Blythe, Denise Kara, and Eleanor Dodding.