Stained glass window Employment SA Law

'Data Bridge’ for UK-US data transfers launched

What does the UK-US Data Bridge mean for UK businesses?
Wed 11th Oct 2023

From 12 October 2023, organisations exporting personal data from the UK will be able to rely on the UK-US Data Bridge to secure a free and safe exchange of personal data. It will act as the lawful basis for personal data transfers to US organisations that have self-certified under the Data Privacy Framework (DPF).

The DPF governs EU-US data transfers and includes a set of enforceable principles and requirements that must be certified to, and complied with, in order for US organisations to be able to join.

The Data Bridge authorises UK organisations to transfer personal data, where the transfer is to an organisation in the US listed on the EU-US DPF and participating in the UK extension to the DPF. The Government hopes data bridges will unlock growth for businesses, allow crucial information for life-saving research to be shared, and encourage science and innovation across borders, as well as benefitting consumers.

What does the data bridge mean for data sharing?

Before sending personal data to the US, an organisation will need to confirm that the data importer is listed as an active participant on the DPF List.

If the US based data importer has not opted-in to the DPF, the UK data exporter will likely need to continue to rely on the pre-existing contractual mechanisms for transferring personal data to the US.

Currently, only US organisations subject to the jurisdiction of the US Federal Trade Commission (FTC) or the US Department of Transportation (DoT) are eligible to be included in the DPF. Banking, insurance and telecommunications organisations cannot currently participate.

What is excluded from transfer under the DPF?

The Data Bridge does not provide for journalistic data to be included, which means that:

‘Personal information that is gathered for publication, broadcast, or other forms of public communication of journalistic material, whether used or not, as well as information found in previously published material disseminated from media archives, is not subject to the requirements of the Principles’.

Special category and sensitive data under the UK-US Data Bridge

Special category and sensitive data from UK organisations can be shared with US organisations under the Data Bridge. However, this must correctly be identified by UK organisations as such, to ensure that it receives the appropriate protection under the DPF.

Organisations should pay particular attention when transferring data relating to:

  • Genetic data;
  • Biometric data for the purpose of uniquely identifying a natural person; and
  • Data concerning sexual orientation.

What does this mean going forward?

UK organisations seeking to rely on the new UK-US Data Bridge need to ensure they check all the requirements are met before relying on it.

Organisations should be mindful of the need to update privacy policies and document their own processing activity as necessary, ensuring that they reflect any changes in how data is transferred from the UK to the US.

For help and advice on this topic or related issues, please do not hesitate to contact Chris Cook on 01727798089 or email chris.cook@salaw.com.

Read the latest Employment Views & Insights
Views & Insights
Breaking news: Immigration

A Statement of Changes in Immigration Rules was published yesterday, 1 July 2025, which implements some of the changes proposed in the Government’s Immigration…

Read More
Pride Parade
Pride Parade
Views & Insights
A Journey of Pride: Defining Moments in LGBTQ+ History

Over the past several decades, the legal landscape in the UK has evolved considerably to enhance protections and support for the LGBTQ+ community, both…

Read More
Stained glass window Employment SA Law
Views & Insights
Workplace Attendance: Enforcing Compliance

Workplace attendance has been steadily decreasing, and there is little sign that this will change. Centre for Cities, an independent think tank, has published…

Read More
SA Law Red arrow neon light image
Views & Insights
Campbell v Sheffield Teaching North Hospitals NHS Foundation Trust (2025) EAT 42

Decision: The Employment Appeal Tribunal (EAT) upheld a tribunal’s decision that an employer was not liable for an employee’s racially harassing…

Read More
Relax
Views & Insights
Is Your Business Summer Ready?

The sun is shining, the trilogy of Bank holidays have come and gone and so thoughts are naturally turning to the summer break. July and August present…

Read More
SA Law Red arrow neon light image
Views & Insights
Employment Rights Bill

Introduced on 10th October 2024, the Employment Rights Bill proposes significant and extensive changes to UK employment law.Alongside this, the government…

Read More
SA Law Employment Laptop
Views & Insights
Supreme Court Ruling in For Woman Scotland v Scottish Ministers

On 16th April 2025, the Supreme Court handed down their judgment in the case of ‘For Woman Scotland v Scottish Ministers’. Their judgment stated that,…

Read More
Views & Insights
UK Immigration Reforms: Key Policy Changes Announced

Earlier today the Government’s long-awaited and eagerly anticipated White Paper, Restoring Control over the Immigration System, was published.Purportedly…

Read More

© SA LAW 2025

Every care is taken in the preparation of our articles. However, no responsibility can be accepted to any person who acts on the basis of information contained in them alone. You are recommended to obtain specific advice in respect of individual cases.