EU-US Data Privacy Framework

On 10 July 2023, the European Commission published its final Adequacy Decision for EU-US data transfers. The draft decision reflects the multi-year coordination between the EU and US to identify and implement a lasting solution to facilitate international data transfers following the Court of Justice of the European Union’s judgment in Schrems II.

?

The EU’s adequacy decision determines that the US, through the newly created EU-US Data Privacy Framework, provides comparable safeguards to those of the EU and ensures an adequate level of protection for personal data transferred from the EU to certified organizations in the US.?


Some of the key pointers include:

1.?????The adequacy decision follows the US signature of an Executive Order on ‘Enhancing Safeguards for United States Signals Intelligence Activities', which introduced new binding safeguards to address the points raised by Court of Justice of the European Union in its Schrems II decision of July 2020. Notably, the new obligations were geared to ensure that data can be accessed by US intelligence agencies only to the extent of what is necessary and proportionate, and to establish an independent and impartial redress mechanism to handle and resolve complaints from Europeans concerning the collection of their data for national security purposes.

2.?????An adequacy decision is one of the tools provided under the General Data Protection Regulation (GDPR) to transfer personal data from the EU to third countries which, in the assessment of the Commission, offer a comparable level of protection of personal data to that of the European Union.

3.?????As a result of adequacy decisions, personal data can flow freely and safely from the European Economic Area (EEA), which includes the 27 EU Member States as well as Norway, Iceland and Liechtenstein, to a third country, without being subject to any further conditions or authorisations. In other words, transfers to the third country can be handled in the same way as intra-EU transmissions of data.

4.?????The adequacy decision on the EU-U.S. Data Privacy Framework covers data transfers from any public or private entity in the EEA to US companies participating in the EU-U.S. Data Privacy Framework.

5.?????The adequacy decision concludes that the United States ensures an adequate level of protection for personal data transferred from the EU to companies participating in the EU-U.S. Data Privacy Framework. With the adoption of the adequacy decision, European entities are able to transfer personal data to participating companies in the United States, without having to put in place additional data protection safeguards.

6.?????The Framework provides EU individuals whose data would be transferred to participating companies in the US with several new rights (e.g. to obtain access to their data, or obtain correction or deletion of incorrect or unlawfully handled data). In addition, it offers different redress avenues in case their data is wrongly handled, including before free of charge independent dispute resolution mechanisms and an arbitration panel.

7.?????US companies can certify their participation in the EU-U.S. Data Privacy Framework by committing to comply with a detailed set of privacy obligations. This could include, for example, privacy principles such as purpose limitation, data minimisation and data retention, as well as specific obligations concerning data security and the sharing of data with third parties.

8.?????The Framework will be administered by the US Department of Commerce, which will process applications for certification and monitor whether participating companies continue to meet the certification requirements. Compliance by US companies with their obligations under the EU-U.S. Data Privacy Framework will be enforced by the US Federal Trade Commission.

9.?????The adequacy decision entered into force with its adoption on 10 July.


There is no time limitation, but the Commission will continuously monitor relevant developments in the United States and regularly review the adequacy decision.

10.??All the safeguards that have been put in place by the US Government in the area of national security (including the redress mechanism) apply to all data transfers under the GDPR to companies in the US, regardless of the transfer mechanims used. These safeguards therefore also faciliate the use of other tools, such as standard contractual clauses and binding corporate rules.

要查看或添加评论,请登录

Dr. Saurabh Pramanick的更多文章

  • Training Program Topics - List 4

    Training Program Topics - List 4

    Working with Hugging Face with Hugging Face Introduction to Hugging Face What are Large Language Models? Use cases for…

  • Training Program Topics - List 3

    Training Program Topics - List 3

    Introduction to Julia Julia basics with Julia Using the console Julia as a calculator Printing Variables Valid variable…

  • Training Program Offerings - List 2

    Training Program Offerings - List 2

    DL0 - Data Leadership ? Data Leadership Framework (DLF) ? Data Architecture ? Data Governance ? Metadata and Master…

  • Program Offerings Expertise - List 1

    Program Offerings Expertise - List 1

    Power BI (50+) Bins, Change the Data type of a Column, Combine Multiple Tables, Clusters, Enter data or Copy & Paste…

    2 条评论
  • Digital Personal Data Protection Bill 2023, India

    Digital Personal Data Protection Bill 2023, India

    Today on 7 August, 23, The Digital Personal Data Protection Bill 2023 was passed in the Lok Sabha. The bill seeks to…

    1 条评论
  • Future Trends in Metadata Management

    Future Trends in Metadata Management

    As part of PhD research, I am focusing on Metadata Management and found these useful themes that are going to drive…

社区洞察

其他会员也浏览了