First anniversary of the EU-US Data Privacy Framework

The first anniversary of the EU-US Data Privacy Framework (“DPF”) is approaching soon, specifically on July 10th, 2024. As a quick reminder, the Framework is created on basis of the EU Commissions decision to implement it as a tool under the GDPR, to guarantee a similar protection of personal data in third countries, here the US. This is also called “adequacy decision” (see Art. 45 GDPR) which enables personal data to flow safely and freely from the EU/EEA to other third countries, without restrictions. As the EU-US DPF is one of those decisions, all parties located in the US which are self-certified by the DPF can receive personal data from private and public EU entities.
Here it is essential to understand that only companies and other subjects participating in the DPF are declared as safe, not the United States per se. Participating actors can be certified by complying with specific privacy obligations. However, throughout the year, it has been made clear that implementing adequacy decision brings some challenges with it. To ensure certification requirements are met, the DPF is being reviewed at least every four years by the European Union, the first review will take place within one year after the entry into force, i.e., latest by mid of July.

Since criticism evolved around the accuracy of adequate level of protection in participant’s systems, some might argue about the renewal of the DPF. To understand and meet the EU’s requirements to be declared as adequately safe, DP Dock’s services can be an aim to efficiently implement privacy structures/ measures to count as safe without additional safeguards.

For more info please click here