First Review of EU-U.S. Data Privacy Framework
On July 18 and 19, 2024, representatives from the United States Government and the European Commission gathered in Washington D.C. for the first periodic review of the EU-U.S. Data Privacy Framework (DPF). The meeting included officials from various U.S. departments, such as Commerce, Justice, and Transportation, as well as members from the European Commission’s Directorate General for Justice and Consumers and the European Data Protection Board. Independent oversight bodies and DPF participants also contributed their insights during the discussions.
The review coincides with the one-year anniversary of the DPF’s implementation, reflecting the ongoing commitment of both the United States and the EU to uphold data privacy standards. Over the past year, the two entities have collaborated closely, resulting in significant advancements in privacy protection. The DPF has established a national security redress mechanism and has facilitated data flows that support over €1 trillion in EU-U.S. trade and investment. Since its launch in July 2023, more than 2,800 enterprises have enrolled in the framework, with 70 percent being small and medium-sized businesses.
During the review, participants assessed various elements of the DPF, including compliance with privacy requirements and the effectiveness of the Data Protection Review Court. This court allows individuals in the EU and European Economic Area to seek redress regarding U.S. signals intelligence activities. Additionally, the discussions included legal developments related to privacy and government access to data, which are crucial for maintaining the integrity of the framework.
The European Commission is currently preparing a report on the DPF’s functioning, which will mark the conclusion of the review process. This report is expected to provide insights into the effectiveness of the framework and any necessary adjustments to enhance data protection for individuals.
