The European Commission has announced an agreement with the United States regarding the transfer of data. This comes after the European Court of Justice invalidated two previous agreements that governed the transfer of Europeans’ personal data to the United States. The court’s decision was based on concerns over the access of US intelligence agencies to Europeans’ private data.
The US Government has implemented safeguards in the area of national security, including a mechanism for addressing grievances, which apply to all data transfers under the General Data Protection Regulation (GDPR) to US companies. These safeguards also support the use of other transfer tools, such as standard contractual clauses and binding corporate rules.
For US companies, joining the EU-U.S. Data Privacy Framework entails committing to a set of privacy obligations, such as deleting personal data when it is no longer necessary and ensuring the protection of data when shared with third parties.
Individuals in the EU will have recourse options in case their data is mishandled by US companies. This includes access to independent dispute resolution mechanisms and an arbitration panel, which will be available free of charge.
The European Commission expressed satisfaction with the measures taken by the United States, stating that they provide an adequate level of protection for the transfer of personal data for commercial use. The new binding safeguards, including limitations on US intelligence services’ access to EU data and the establishment of a Data Protection Review Court, address all concerns raised by the European Court of Justice.
Commission President Ursula von der Leyen stated that the EU-U.S. Data Privacy Framework will ensure secure data flows for Europeans and bring clarity to companies on both sides of the Atlantic.