The EU-US Data Privacy Framework: What Changed and What It Means

In July 2023, the European Commission formally adopted the EU-US Data Privacy Framework, establishing a new legal mechanism for transferring personal data from the European Union to the United States. The Framework replaces the Privacy Shield arrangement that was invalidated by the Court of Justice of the European Union in 2020.

Under the new agreement, US companies that process EU personal data can self-certify to a set of data protection principles administered by the US Department of Commerce. The principles include requirements around data security, retention, onward transfers to third parties, and individual rights to access and correction.

The Framework also addresses the core concern that killed Privacy Shield: US government surveillance. New executive orders limit intelligence agency access to EU data and establish a Data Protection Review Court — an independent body where EU individuals can seek redress if they believe their data was improperly accessed.

Privacy advocates remain skeptical and legal challenges are expected. But for businesses that depend on transatlantic data flows, the Framework provides a functioning legal basis where none existed for several years. Organizations that were relying on standard contractual clauses as a workaround now have an alternative path.