As a member state of the EU, Spain is part of one of the world’s most impactful data ecosystems. Like many nations, all EU member states have also made a commitment to developing a data privacy framework with the USA. This framework expanded recently with the addition of the US-UK data bridge, connecting the former member state to the US. Here’s what this means for all countries involved.
The EU-US Data Privacy Framework
In today’s digital world, data is the lifeblood of many online businesses. It doesn’t just provide valuable marketing insights – the wrong data in the wrong hands can spell disaster for companies, or even world governments.
Every large website online, especially those handling money, takes great care to safeguard user data. This isn’t exclusive to government websites, since entertainment sites also store personal data and can process transactions. Entire online industries like iGaming provide entertainment online, so when somebody in the UK plays real money Bingo at Paddy Power, for example, their data is kept in secure data centers that those companies have invested heavily in.
Through policies like GDPR, the EU has gone further than a lot of nations in legislating the online use and protection of users’ personal data.
That brings us to the EU-US Data Privacy Framework. Also known as the DPF, this is a certification that US-based organizations can apply for.
It enables these organizations to become recognized for passing and complying with data protection regulations as enforced by the American Federal Trade Commission (FTC) and other departments, like those managing transportation or commerce. Once in, DPF-certified entities can likewise receive data from the EU and now the UK.
By entering into a framework agreement such as this, organizations can sidestep GDPR’s more stringent restrictions since they have been verified as trustworthy and policy-compliant by other means. It also means members will be held liable by the FTC (one of the world’s foremost consumer protection agencies) if they violate the framework’s terms.
The UK-US Data Bridge
The expansion, dubbed the data bridge, has been agreed upon for quite some time. The process was started by the Rt Hon Michelle Donelan, MP for Chippenham and more importantly the Secretary of State for Science, Innovation and Technology. She was able to do this via Section 17A of the Data Protection Act 2018, where the decision to establish a data bridge required adequacy regulations.
She laid those regulations in the UK Parliament in September of 2023, supported by the US Attorney General across the pond. The USA had already legitimized the UK as a beneficiary of this data-sharing framework by listing it as a qualifying state in Executive Order 14086, issued a year beforehand in October 2022.
Before these formal proceedings had begun, this data bridge was also described as one of the main deliverable objectives in the U.S.-UK Comprehensive Dialogue on Technology and Data, also in October of 2022.
Modernizing American diplomacy means keeping technology and data at the center of our efforts—and doing so in partnership with key global partners. Thanks to @StateCDP, @CommerceGov, @FCDOGovUK, and @DCMS for kicking-off the U.S.-UK Comprehensive Dialogue on Data and Technology. https://t.co/gjXz9xcVdn
— Secretary Antony Blinken (@SecBlinken) January 12, 2023
While US organizations are policed by the FTC, British individuals also have a right to redress that emerges from the UK’s qualifying state status mentioned above. The US executive order gives UK individuals and organizations the right to raise improper data collection through the US, using US law, to protect entities on the UK side of the agreement. After being cleared by the UK Parliament, the data bridge was established on the 12th of October 2023.