The UK’s imminent Data Bridge, extending the EU–US Transatlantic Data Privacy Framework (DPF), has sparked notable privacy apprehensions, especially in light of its predecessor, the Privacy Shield, being deemed inadequate by the European Court of Justice. The forthcoming Data Protection and Digital Information (DPDI) Bill could enable the UK Secretary of State to authorize personal data transfers, even to nations without robust rights and remedies, potentially deviating from the EU GDPR and conflicting with US surveillance programs. 

The UK’s forthcoming Data Bridge, an extension to the EU–US Transatlantic Data Privacy Framework (DPF), raises significant privacy concerns. Set to be enacted on October 12, this voluntary scheme allows US companies to share personal data with the EU. It emerges after the European Court of Justice found its predecessor, the Privacy Shield, insufficient in protecting against unlawful US state agency surveillance. The DPF, however, is facing legal challenges, accused of not meeting basic rule of law guarantees.


The Data Protection and Digital Information (DPDI) Bill, if approved, would empower the UK Secretary of State to authorize personal data transfers to countries, even those lacking enforceable rights and effective remedies. While the UK Government contends that the new regime won’t substantially deviate from the EU GDPR, adopting the EU–US DPF suggests otherwise. European data protection law mandates companies to ensure equivalent data protection levels, regardless of the transfer destination, a rule often in conflict with US surveillance programs.


The DPDI Bill could potentially bypass considerations related to “public security, defence, national security and criminal law” and “the access of public authorities to personal data”. The DPF, designed to address these issues, obliges the US to implement an Executive Order, providing more rights and stronger accountability for its state surveillance programs. In exchange, the EU has legalized personal data transfers to US companies, provided they adhere to the DPF and its enhanced safeguards. However, experts caution that the scheme may not fulfill its promises of providing enforceable rights and effective remedies against arbitrary data access and misuse by US authorities.


The UK’s approach to international data transfers, particularly through the UK Data Bridge, could compromise its role in promoting human rights and the rule of law globally. This approach not only fails to offer a pragmatic, long-term solution to international data transfers but also risks positioning the UK as a data-laundering haven, instigating a global privacy race to the bottom. The Open Rights Group vows to continue advocating for solutions that uphold high human rights and rule of law standards, balancing national security with broader economic and societal needs.


Stay in Touch

Would you like me to send you an update every time a new post is published? (aka DTL) offers global insights on privacyliberty, and free speech in a digital era where information is largely controlled by government entities, security and intelligence bodies, and corporations, both of which wield enormous amounts of information (and power)

Copyright © 2023 DovTheLachman. All rights reserved worldwide

Leave a Reply

Your email address will not be published. Required fields are marked *