Category

EU-US Data Privacy Framework

Category

*Article originally posted on Law.com authored by Cassandre Coyer at LegalTech News.* This summer marked a key development in the history of data transfers between the U.S. and European Union when the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework after two prior invalidated agreements. But whether that milestone is translating to a wave of companies registering to get certified under the new framework is less apparent. Given the looming possibility of a Schrems…

The European Commission’s adequacy decision for the EU-US Data Privacy Framework (the ‘Framework’) still has a significant beneficial impact for companies even if they continue to rely on the EU Standard Contractual Clauses (‘SCCs’) for transatlantic data transfers instead of participating in the Framework due to the findings in the decision regarding updated US laws and practices. The decision confirms that the EU Commission considers the designation of the EEA as a qualifying organisation under…

On July 10, 2023, the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework (“DPF”). US companies that participate in the DPF will be deemed to provide “adequate protection” under Article 45 of the EU General Data Protection Regulation (“GDPR”) for personal data transfers received from the European Union (“EU”) and European Economic Area (“EEA”). Why did the EC need to adopt the adequacy decision for the DPF? As we have previously written, the…

The US Office of the Director of National Intelligence (“ODNI”) announced today that it has fully implemented new safeguards under Executive Order 14086. See INTEL – ODNI Releases IC Procedures Implementing New Safeguards in Executive Order 14086. These steps clear the path for the European Commission to adopt the draft “adequacy decision” for cross-border data transfers pursuant to the EU-U.S. Data Privacy Framework. By way of brief background, in July 2020, the Court of Justice…