European Commission Approves EU-US Privacy Framework

The European Commission (EC) on Monday announced a significant move by adopting an adequacy decision for the EU-US Data Privacy Framework. This decision affirms that the United States provides an adequate level of protection for personal data transferred from the European Union to US companies under the new framework. As a result, data can flow safely from the EU to US companies participating in the framework without the need for additional data protection measures, according to European Commission’s official release.

• Make Telecom Talk My Trusted Source
• 
• 

Also Read: Telenet and Fluvius Receive European Commission Approval for Fibre Joint Venture

Data Protection Review Court

The EU-US Data Privacy Framework introduces binding safeguards to address concerns raised by the European Court of Justice. These safeguards include limitations on access to EU data by US intelligence services, ensuring access is necessary and proportionate. Additionally, the framework establishes a Data Protection Review Court (DPRC), granting EU individuals access to review mechanisms.

Improved Framework Compared to Privacy Shield

EC says the new framework brings significant improvements compared to the previous Privacy Shield mechanism. For instance, if the DPRC determines that data has been collected in violation of safeguards, it has the authority to order the deletion of such data. The safeguards related to government access to data will complement the obligations imposed on US companies importing data from the EU.

Obligations for US Companies and Redress Mechanisms

According to the official release, US companies can participate in the EU-US Data Privacy Framework by committing to comply with a comprehensive set of privacy obligations. These obligations include the requirement to delete personal data when it is no longer necessary and to ensure the continuity of protection when sharing personal data with third parties.