James Curry considers whether the UK Extension to the EU-US Data Privacy Framework goes far enough
- Reviews the UK Extension to the EU-US Data Privacy Framework.
- Examines whether the safe exchange of personal data across borders has the possibility to strengthen capital growth for businesses and break down potentially restrictive barriers to the sharing of data.
Since 12 October 2023, businesses in the UK have been able to transfer personal data to US organisations certified to the UK Extension to the EU-US Data Privacy Framework (DPF) under Art 45 of the UK General Data Protection Regulation (GDPR), without the need for further safeguards such as those contained in the GDPR.
This follows the decision by Parliament to establish a UK-US data bridge, through the UK Extension, and lay adequacy regulations in Parliament to better facilitate the transfer of personal data from the UK to the US.
What is the DPF?
The DPF is a package of measures designed to govern how personal data is protected when transferred from the UK to the US. It replaced the EU-US
