Home News The new EU-US privacy agreement to allow data transfer  

The new EU-US privacy agreement to allow data transfer  

August 31, 2023

On 10 July, the European Commission decided that the EU-US Privacy Framework was adequate and provides assurances that the level of protection is equivalent to that of the European Union. This presupposes the secure flow of personal data from the EU to US companies participating in the Framework, without the need for additional data protection safeguards.   

As a novelty, the Framework introduces new binding obligations, including limiting access to EU data by US intelligence services to what is strictly necessary and proportionate .  

The other major innovation is the creation of the Data Protection Review Court, which will be responsible for investigating and resolving complaints independently and will be able to impose binding remedies.   

The creation of this body is a significant improvement compared to the mechanism that existed under the Privacy Shield, as it will have sufficient power to require the deletion of data that has been collected in breach of the new safeguards.  

A privacy framework that brings new obligations  

This new legal framework represents a major step forward in terms of personal data protection, as US companies importing data from the EU will be able to adhere to the privacy framework as long as they commit to a series of obligations. Examples of such commitments include the requirement to erase personal data when it is no longer needed for the purpose for which it was collected, or the guarantee of continued protection in case of sharing personal data with third parties.   

This provides European citizens with several options of redress when they identify that their personal data are improperly processed by US companies. Among the avenues of redress available to them are the independent and free dispute resolution mechanisms and the aforementioned Arbitral Court   

Finally, it is worth highlighting the commitment of the European Commission, together with the competent US authorities, to periodically review the functioning of the EU-US Data Privacy Framework, which will have its first review before the end of the first year after its entry into force. 

Article by Imma Martí.

Do you want us to help you?

Contact us and we will put a team of experts at your disposal.