This Time for Sure? EU-U.S. Data Privacy Framework Adopted

This morning, the President of the European Commission, Ursula Gertrud von der Leyen, announced the EU Commission’s adoption of an adequacy decision for the EU-U.S. Data Privacy Framework. This long-awaited action provides much-needed stability to EU to U.S. data flows. Whether it will survive judicial review, or fall as its predecessors (the Safe Harbor and the Privacy Shield) did, remains to be seen.

This EU-U.S. Data Privacy Framework is designed to replace the invalidated EU-U.S. Privacy Shield as a tool under the EU’s General Data Protection Regulation (GDPR) to enable valid transatlantic data flows.  The goal of the new framework is to enable personal data transfers between the EU and U.S. while complying with the GDPR.  Under the new agreement, companies that want to transfer data between the EU and U.S. will have to comply with a new set of principles and safeguards regarding how they handle and secure personal data.

As part of the EU-U.S. Data Privacy Framework, the U.S. government has established a new two-layer redress mechanism to handle and resolve complaints from any data subject in the EEA whose data has been transferred from the EEA to companies in the U.S. about the collection and use of their data by U.S. intelligence agencies. Under this framework, individuals will be able to submit a complaint to their national data protection authority which complaint will then be transmitted to the U.S. by the European Data Protection Board.

For more information about the EU-U.S. Data Privacy Framework, or how to certify, please contact John Landolfi, Marcel Duhamel, Chris Ingram, Chris LaRocco, Gretchen Rutz Leist, or your Vorys attorney.