Skip to Main Content

Insights

Aug. 4, 2023

European Commission’s Adequacy Decision Paves the Way for U.S. Companies to Begin Enrolling in the E.U.-U.S. Data Privacy Framework Program

By Mallory Acheson, CIPM, CIPP/E, FIP

The National Law Review

The U.S. Department of Commerce’s Data Privacy Framework (DPF) program website went live on July 17, and contains guidance documents for those companies wanting to know the costs and benefits of enrollment in the DPF program.

The DPF website is a result of the European Commission's Adequacy Decision issued on July 10 finding that the E.U.-U.S. Data Privacy Framework meets the equivalency requirements of the GDPR. The Adequacy Decision allows for the free flow of data from those countries within the European Economic Area (EEA) to those companies in the United States certifying under the Data Privacy Framework program. The DPF replaces the previously invalidated Privacy Shield and Safe Harbor agreement stemming from the Schrems I and II judgements. While the volatile history of E.U.-U.S. privacy frameworks has many predicting the DPF will be challenged in the near future, companies are nonetheless racing to finalize compliance and certifications efforts with the new DPF.

Companies who were certified under Privacy Shield will simply have to update their privacy documents to account for the new DPF. Companies that were not enrolled in Privacy Shield can go to here to enroll in the Data Privacy Framework. To be entitled to the benefits of participating in the DPF program, a company must initially self-certify and then annually re-certify to the U.S. Department of Commerce’s International Trade Administration that the company adheres to the DPF Principles.

Please contact the authors, who have their CIPP/E certification with the International Association of Privacy Professionals (IAPP), if you have questions regarding the new E.U.-U.S. Data Privacy Framework.

View the article on The National Law Review here.