EU–US Data Privacy Framework
   HOME

TheInfoList



Click Here for Items Related To - EU–US Data Privacy Framework
OR:
EU–US Data Privacy Framework on:   [Wikipedia]   [Google]   [Amazon]

The EU–US Data Privacy Framework is a European Union–United States data transfer framework that was agreed to in 2022 and declared adequate by the
European Commission The European Commission (EC) is the primary Executive (government), executive arm of the European Union (EU). It operates as a cabinet government, with a number of European Commissioner, members of the Commission (directorial system, informall ...
in 2023. Previous such regimes—the
EU–US Privacy Shield The EU–US Privacy Shield was a legal framework for regulating transatlantic exchanges of personal data for commercial purposes between the European Union and the United States. One of its purposes was to enable US companies to more easily receive ...
(2016–2020) and the
International Safe Harbor Privacy Principles The International Safe Harbor Privacy Principles or Safe Harbour Privacy Principles were principles developed between 1998 and 2000 in order to prevent private organizations within the European Union or United States which store customer data fro ...
(2000–2015)—were declared invalid by the
European Court of Justice The European Court of Justice (ECJ), officially the Court of Justice (), is the supreme court of the European Union in matters of European Union law. As a part of the Court of Justice of the European Union, it is tasked with interpreting ...
in part due to concerns that personal data leaving EU borders is subject to sweeping US government surveillance. The EU-US Data Privacy Framework is intended to address these concerns. After the invalidation of the EU–US Privacy Shield in July 2020, companies wishing to transfer data between the EU and the US "have faced confusion, higher compliance costs, and challenges for EU–US business relationships". The
European Parliament The European Parliament (EP) is one of the two legislative bodies of the European Union and one of its seven institutions. Together with the Council of the European Union (known as the Council and informally as the Council of Ministers), it ...
raised substantial doubts whether the new agreement reached by
Ursula von der Leyen Ursula Gertrud von der Leyen (; ; born 8 October 1958) is a German politician, serving as president of the European Commission since 2019. She served in the Cabinet of Germany, German federal government between 2005 and 2019, holding position ...
actually conforms with EU laws, as it still does not sufficiently protect EU citizens from US
mass surveillance Mass surveillance is the intricate surveillance of an entire or a substantial fraction of a population in order to monitor that group of citizens. The surveillance is often carried out by Local government, local and federal governments or intell ...
and fails to enforce basic human digital rights in the EU. In May 2023, a resolution on this matter passed the European Parliament with 306 votes in favor and 27 against. The NGO NOYB (European Center for Digital Rights) has announced that it will challenge the framework again before the
European Court of Justice The European Court of Justice (ECJ), officially the Court of Justice (), is the supreme court of the European Union in matters of European Union law. As a part of the Court of Justice of the European Union, it is tasked with interpreting ...
.


History

On March 25, 2022, it was announced that the European Commission and the United States had committed to a "Trans-Atlantic Data Privacy Framework" in reaction to the failure of the EU-US Privacy Shield. In October 2022, U.S. President
Joe Biden Joseph Robinette Biden Jr. (born November 20, 1942) is an American politician who was the 46th president of the United States from 2021 to 2025. A member of the Democratic Party (United States), Democratic Party, he served as the 47th vice p ...
signed an executive order to implement the framework. In May of 2023, the European Data Protection Board approved the Commission's adequacy decision draft that was published on December 13, 2022. Although not binding on the European Commission, on 11 May 2023 the European Parliament voted in favour of a resolution calling on the Commission to renegotiate the Framework and not to adopt an adequacy finding on the basis that "the EU–U.S. Data Privacy Framework fails to create essential equivalence in the level of protection". On July 10 2023, the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework, thereby allowing transfer of personal data from the EU to the U.S. on the basis of Article 45 of the
GDPR The General Data Protection Regulation (Regulation (EU) 2016/679), abbreviated GDPR, is a European Union regulation on information privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of ...
. Under the new Trump Administration doubts have arisen as to the future of the Framework.


Data Protection Review Court

The Data Protection Review Court (DPRC) is a
three-judge panel A judicial panel is a set of judges who sit together to hear a cause of action, most frequently an appeal from a ruling of a trial court judge. Panels are used in contrast to single-judge appeals, and hearings, which involves all of the judges of ...
, established in
Executive Order In the United States, an executive order is a directive by the president of the United States that manages operations of the federal government. The legal or constitutional basis for executive orders has multiple sources. Article Two of the ...
14086 of 7 October 2022, which will deal with appeals made to the decisions of the Civil Liberties Protection Officer of the Office of the
Director of National Intelligence The director of national intelligence (DNI) is a Cabinet of the United States#Current Cabinet and Cabinet-rank officials, cabinet-level Federal government of the United States, United States government intelligence and security official. The p ...
as described by the EU-U.S. Privacy Framework. The decisions made by the DPRC have binding authority. There has been criticism.


See also

*
Data Protection Directive The Data Protection Directive, officially Directive 95/46/EC, enacted in October 1995, was a European Union directive which regulated the processing of personal data within the European Union (EU) and the free movement of such data. The Data ...
*
Digital privacy Digital privacy is often used in contexts that promote advocacy on behalf of individual and consumer privacy rights in e-services and is typically used in opposition to the business practices of many e-marketers, businesses, and companies to coll ...
*
General Data Protection Regulation The General Data Protection Regulation (Regulation (EU) 2016/679), abbreviated GDPR, is a European Union regulation on information privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of ...
*
Safe harbor (law) A safe harbor is a provision of a statute or a regulation that specifies that certain conduct will be deemed not to violate a given rule. It is usually found in connection with a more-vague, overall standard. By contrast, "''un''safe harbors" ...
*US
Privacy and Civil Liberties Oversight Board The Privacy and Civil Liberties Oversight Board (PCLOB) is an independent agency within the executive branch of the United States government, established by Congress in 2004 to advise the President and other senior executive branch officials to e ...
(PCLOB)


References

{{reflist


External links


EU-US data transfers
webpage of the
European Commission The European Commission (EC) is the primary Executive (government), executive arm of the European Union (EU). It operates as a cabinet government, with a number of European Commissioner, members of the Commission (directorial system, informall ...

Data Privacy Framework List
website of the US
International Trade Administration The International Trade Administration (ITA) is an agency in the United States Department of Commerce that promotes United States exports of nonagricultural U.S. goods and services. Duties The ITA's stated goals are to # Provide practical info ...

Commission Implementing Decision EU 2023/1795
of the European Commission on
EUR-Lex EUR-Lex is the official online database of European Union law and other public documents of the European Union (EU), published in 24 official Languages of the European Union, languages of the EU. The Official Journal of the European Union, Offici ...

28 CFR Part 201
(Data Protection Review Court) of the US
Code of Federal Regulations In the law of the United States, the ''Code of Federal Regulations'' (''CFR'') is the codification of the general and permanent regulatory law, regulations promulgated by the executive departments and agencies of the federal government of the ...
from the LII
28 CFR Part 201
(Data Protection Review Court) of the US Code of Federal Regulations from the OFR Information privacy International law Privacy law United States–European Union relations