Update: The United Kingdom and the United States make progress towards data adequacy

Data protection laws in the UK require that transfers of personal data to overseas territories be subjected to additional legal processes in territories that do not meet the UK’s adequacy standards.

What is data adequacy?

A data adequacy decision confirms that a country’s level of personal data protection is comparable to that of the UK’s. The decision is taken by the Secretary of State, who must be satisfied that the standards afforded by the UK data protection regime are not undermined when data is transferred to another country.

More details on the laws of international data transfers can be found in our previous article: What you need to know about the new international data transfer laws.

Prior to the introduction of the Addendum to the EU Standard Contractual Clauses (the ‘Addendum’), data transfers to the US were protected by the Privacy Shield, an arrangement under which data could be transferred between the US and the EU and UK. However, following the decision in Schrems II (more detail on Schrems II can be found HERE), it was deemed that the Privacy Shield did not afford sufficient rights to data subjects and that data controllers did not have stringent enough obligations around the safety and security of personal data.

Why is this an issue?

In 2020, 85% of UK service exports to the US were data-enabled, accounting for £69.3b of revenues and making up 30% of all UK data-enabled exports.

Therefore, the significant volume of data exported to the US prior to the decision of Schrems II, and the benefits that this has on the UK economy, necessitates a regime which allows for data transferred freely between the two countries.

What action has been taken?

In recognition of the barriers that the Schrems II decision placed on data transfers between the UK and the US, the two countries have since been in dialogue as to how to overcome the challenge.

In 2021, the then-Secretary of State for Digital, Culture, Media and Sport (‘DCMS’) Nadine Dorris and the United States Commerce Secretary Gina M. Raimondo, issued a joint statement signifying the shared commitment of the two countries to deepen the UK-US data partnership and to promote the exchange of data across borders.

On 07 October 2022, the Secretary of State for DCMC and Gina M. Raimondo confirmed the number of steps that have been taken towards a new data adequacy agreement, allowing for the easing of barriers on data transfers between the UK and the US. This statement came on the same day as President Biden signed an Executive Order setting out the steps the US will take to implement its commitments under a new EU-US data privacy framework.

Should the UK meet the qualification conditions set out by the Executive Order, the safeguards it will provide will likely contribute significantly towards the UK’s adequacy assessment of the US data privacy regime.

Effects of the UK-US data agreement

An adequacy decision for the US could see significant positive economic impacts for both countries, as it would reduce costs and increase efficiency in data transfers between the two countries, as well as reassuring UK citizens that their data is being transferred and stored safely and securely.

Please note that this information is for general guidance only and should not substitute professional legal advice. If you have specific concerns, we recommend consulting one of our legal experts.