On July 10, 2023, the European Fee formally accepted the EU-U.S. Data Privacy Framework (DPF) by adopting an “adequacy determination.” Adequacy choices are one of many authorized mechanisms beneath the EU’s General Data Protection Regulation (GDPR) for transferring private knowledge from the EU to 3rd international locations which, within the eyes of the European Fee, supply ample privateness and knowledge safety. The DPF adequacy determination acknowledges that, though the US has a distinct strategy to knowledge safety than the EU, private knowledge transferred to the U.S. beneath the DPF is taken into account to be adequately protected according to the GDPR’s guidelines on worldwide knowledge transfers. The European Fee takes the place that non-public knowledge can movement freely and safely from the EU to U.S. firms which are collaborating within the new Framework.
Transfers of non-public knowledge from the EU to the U.S. have generated a lot controversy over the previous few years. In 2020, the Courtroom of Justice of the EU invalidated the DPF’s predecessor, the EU-U.S. Privateness Protect, following a criticism by Austrian privateness activist Maximilian Schrems and his nonprofit group NOYB — European Middle for Digital Rights (generally known as the Schrems II case). Within the Schrems II case, questions have been raised about how private knowledge of EU customers of social community Fb was accessible to U.S. authorities (e.g., the Nationwide Safety Company) in a way that was thought-about incompatible with the EU Constitution of Basic Rights. The Courtroom of Justice was notably involved that U.S. intelligence companies may entry private knowledge from EU people past what is critical and proportionate and that there was no impartial and neutral redress mechanism to deal with complaints from EU people.
