Now that the EU-US Data Privacy Framework (DPF) has been adopted, organisations and industry practitioners are looking towards implementation and what comes next. After the CJEU invalidated the Privacy Shield agreement three years ago, companies turned to alternative transfer mechanisms such as standard contractual clauses and binding corporate rules. With the enhanced protections under the DPF, EU-based organisations can now demonstrate compliance with national security and government access requirements on transfer impact assessments. Moving forward, practitioners should consult with legal counsel and their designated data protection authorities concerning any necessary changes, but the adoption of the DPF reflects its adequacy under the EU General Data Protection Regulation.
In a related article, Pinsent Masons write that some businesses are still operating the old transfer mechanisms to transfer personal data from the EU to the US, despite the introduction of the DPF. Those businesses will still need to carry out a transfer impact assessment (TIA), but the new adequacy decision should help streamline the process.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 4,350 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.
