EU-US Data Protection and Privacy Agreement
Article dated: July 14, 2023
The new EU-US Data Privacy Framework has recently been established to enhance the protection of personal data transferred between the United States and the European Union. This framework replaces the previous agreement known as the EU-US Privacy Shield, which was invalidated by the Court of Justice of the European Union (CJEU) in July 2020.
The new US-EU Data Privacy Framework, officially called the “EU-US Data Protection and Privacy Agreement,” aims to address the concerns raised by the CJEU regarding the previous agreement and ensure the safeguarding of personal data during international transfers. The framework is built upon a series of commitments and obligations that the United States and the European Union have agreed to undertake.
Key features of the updated framework include:
- Improved Transparency: Emphasis is placed on transparency, requiring organizations to provide clear and easily understandable information about their data protection practices and individuals’ rights regarding their personal data.
- Strengthened Obligations for US Businesses: US businesses seeking to transfer personal data from the EU are subject to more stringent obligations, including handling access requests from individuals, data transfer to third parties, and the retention and security of personal data.
- Enhanced Oversight and Enforcement: The framework establishes robust mechanisms for oversight and enforcement to ensure compliance. This includes the establishment of an ombudsperson mechanism within the US Department of State, responsible for addressing complaints from EU individuals regarding the access, use, or disclosure of their personal data by US national security authorities.
- Recourse Options for Individuals: The new framework guarantees effective remedies for individuals whose personal data is misused or mishandled. This includes the availability of alternative dispute resolution mechanisms and free-of-charge dispute resolution procedures.
- Regular Evaluation: The US-EU Data Protection and Privacy Agreement will undergo an annual joint review to assess its functionality and effectiveness, allowing for adjustments and improvements as necessary.
It is crucial for your organization to stay informed about these developments and ensure compliance with the new data privacy framework when dealing with personal data transfers between the United States and the European Union.