EDPB Adopts Report on EU-U.S. Data Privacy Framework Review
On November 5, the European Data Protection Board (EDPB) released a report reviewing the EU-U.S. Data Privacy Framework (DPF). The EDPB acknowledged the efforts made by U.S. authorities and the European Commission to implement the DPF since the adequacy decision was adopted in July 2023.
The report highlighted the steps taken by the U.S. Department of Commerce to facilitate the certification process for companies under the DPF, including the launch of a new website and enhanced procedures.
The EDPB noted that while the redress mechanism for EU individuals has been established, the low number of complaints received under the DPF indicates a need for U.S. authorities to monitor compliance among certified companies. The Board emphasized the necessity for U.S. guidance on the requirements for DPF-certified companies when transferring personal data from EU exporters, particularly regarding human resources data. Furthermore, the EDPB expressed its willingness to assist in the development of these guidance documents.
Regarding U.S. public authorities’ access to personal data transferred from the EU, the EDPB focused on the implementation of safeguards introduced by Executive Order 14086. The Board stressed the importance of monitoring the practical functioning of these safeguards, including the principles of necessity and proportionality. Additionally, the EDPB called for the European Commission to keep an eye on developments related to the U.S. Foreign Intelligence Surveillance Act, especially after Section 702 was re-authorized by Congress.
