Adequacy decision for safe EU-US data flows
The European Commission has adopted an adequacy decision for the EU-U.S. Data Privacy Framework, affirming that the United States ensures adequate protection for personal data transferred from the EU to US companies. The new framework enables secure data flow from the EU to US companies partaking in it without needing extra data protection safeguards.
Key features of this new framework include binding safeguards addressing concerns raised by the European Court of Justice regarding access to EU data by US intelligence services, and a newly established Data Protection Review Court (DPRC), accessible to EU individuals. The DPRC can order deletion of data if it is found collected in violation of these safeguards.
Under this framework, US companies can commit to comply with specific privacy obligations like deleting personal data when not required anymore and ensuring continued protection when personal data is shared with third parties.
EU citizens have several redress avenues free of charge in case their data is mishandled by US companies. They will also have access to an independent redress mechanism concerning their data’s collection and use by US intelligence agencies via the DPRC.
The framework will undergo periodic reviews for its functionality by representatives from the European Commission, European data protection authorities, and competent US authorities. The first review will occur within a year after the adequacy decision comes into effect.
This announcement marks a significant step towards ensuring safe transatlantic data flows while providing legal certainty and establishing trust for citizens about their data safety on both sides of Atlantic.
Source: Adequacy decision for safe EU-US data flows
