Streamlined data privacy rules for businesses nearer for US, UK
The United Kingdom is closer to replicating with the U.S. a biometrics data sharing agreement it signed with South Korea in January.
The goal is to grease the skids for transferring the personal data that is so prevalent in business services.
A commitment in principle between the UK and the United States has been reached on establishing a so-called data bridge undergirding what would be an extension of the EU-U.S. data privacy framework. The agreement on sharing data between the U.S. and EU is threatened by a finding earlier this year that legal protections are not equivalent on both sides.
The framework, prosaically described as an adequate level of protection for personal data, would be an opt-in security certification for businesses.
The certificate would make redundant contract clauses covering each side’s responsibilities to protect the other’s consumer privacy whenever they handle personal data.
In a joint statement, U.S. Commerce Secretary Gina Raimondo and her UK counterpart, Chloe Smith, said this a step toward “realizing both countries’ mutual ambition to establish a data bridge that would restore a robust and reliable mechanism for U.S.-UK data flows.”
Without an agreement between national trading partners, time and money are expended on detailed contracts.
A finalized data bridge is expected this year, about two years after the process started, and will be a part of the formal Comprehensive Dialog on Technology and Data between the two countries.
The previous framework agreement with South Korea covers biometrics transfers in England, Wales, Scotland and Northern Ireland. London can abandon the framework if regulators report that it has become weakened or grown outdated.