Jul 20
Danish DPA Data Protection Digital Markets Act EU-US cooperation EDPB hits Meta, the EU General Court explains the nature

EU-U.S. adequacy decision is adopted by the Commission, the UK and the U.S. are currently working together on the UK Extension to the EU-U.S. Data Privacy Framework

EU-U.S. adequacy decision is adopted by the Commission, the UK and the U.S. are currently working together on the UK Extension to the EU-U.S. Data Privacy Framework

Konstantin Tiazhelnikov Konstantin Tiazhelnikov
  • July 20, 2023 -

Last week, on 10 July, the European Commission adopted its adequacy decision for the U.S. after a long period of consultations and anticipation. The decision covers so-called the EU-U.S. Data Privacy Framework.

According to the official Commission’s press release, “the decision concludes that the United States ensures an adequate level of protection – comparable to that of the European Union – for personal data transferred from the EU to US companies under the new framework. On the basis of the new adequacy decision, personal data can flow safely from the EU to US companies participating in the Framework, without having to put in place additional data protection safeguards”.

As regards the working mechanism, “US companies will be able to join the EU-U.S. Data Privacy Framework by committing to comply with a detailed set of privacy obligations, for instance the requirement to delete personal data when it is no longer necessary for the purpose for which it was collected, and to ensure continuity of protection when personal data is shared with third parties”.

As for the next step, the EU-U.S. Data Privacy Framework will be reviewed periodically by the European Commission together with representatives of European data protection authorities and competent US authorities, to make sure “that all relevant elements have been fully implemented in the US legal framework and are functioning effectively in practice”. The first review will take place within a year.

***

Meanwhile, the UK and the U.S. are currently working on the so-called ‘data bridge’, which is the mechanism for the UK-U.S. data transfers through the UK Extension to the EU-U.S. Data Privacy Framework.

As per the US International Trade Administration (ITA), U.S. entities currently possess the choice to self-certify their adherence to the UK Extension of the EU-U.S. Data Protection Framework. Nonetheless, they are not permitted to employ this certification to obtain personal data from the UK until the UK concludes its evaluation of U.S. data protection statutes and practices, and the UK Extension’s adequacy regulations become officially applicable. The precise timeline for the UK Extension remains unspecified, but it is expected that the UK adequacy regulations will be put into effect within this year.

See more related posts »

Related blog posts

DP News – Week 18. Dutch supervisory authority issued Guidelines on data scraping, CNIL published a self-assessment tool for Binding Corporate Rules (BCR), The Council of the European Union adopted a data transfer framework with Japan, Norway’s supervisory authority (Datatilsynet) released the 2023 annual report.
  • May 2, 2024 -

DP News – Week 17. EDPB released the 2023 annual report, outlined its 2024-2027 strategy and issued an information note on the EU-US Data Privacy Framework redress mechanism, Finnish DPA has decided on retention periods in the recruitment process.
  • April 25, 2024 -

DP News – Week 16. EDPB opinion: Pay-or-Consent models clash with GDPR consent requirements, EU Commission requested a risk assessment from TikTok, ICO launched a privacy notice generator, Catalan Data Protection Authority fines occupational health center for email confidentiality breach, Dutch chipmaker investigates data breach amidst security concerns.
  • April 18, 2024 -