EU grants data transfer pact to US following tightening of US data protection standards News
geralt / Pixabay
EU grants data transfer pact to US following tightening of US data protection standards

The European Commission issued an adequacy decision on Monday regarding data transfers to the US. The decision means that the US has officially adopted an adequate data protection standard for the EU to participate in the EU-US Data Privacy Framework. The decision eases the way for multinational corporations operating in both the US and the EU. 

The EU explained the impact of the decision, stating:

[T]he United States ensures an adequate level of protection for personal data transferred from the EU to companies participating in the EU-U.S. Data Privacy Framework. With the adoption of the adequacy decision, European entities are able to transfer personal data to participating companies in the United States, without having to put in place additional data protection safeguards.

The US Department of Commerce will be responsible for implementing the newly designed framework. Specifically, they will oversee the process of certification of data applications and compliance monitoring.

The decision follows US President Joe Biden’s July 3 executive order, which established limitations on US intelligence agencies’ access to foreign-origin data. The executive order restricted the agencies’ access to only that data which is deemed necessary.

Previously, the transfer of sensitive data from the EU to the US required the utilization of standard contract clauses. Under that system, even for a single entity, EU-based companies were required to draft contractual agreements with US-based companies before any data could be transferred. 

The EU’s previous attempt to establish a mechanism for the secure transfer of data, known as the Privacy Shield, was invalidated only years after its implementation by the EU Court of Justice (ECJ) in 2020. The primary reason behind the termination of the Privacy Shield was due to a conflict between US surveillance laws and the individual rights of EU citizens. Under US law, authorities are granted broad access to foreign individuals’ personal data, which directly contradicts provisions set forth in the EU’s General Data Protection Regulation (GDPR).

The adequacy decision took effect immediately upon its adoption Monday. That said, the European Commission intends to continue to monitor the efficacy of the new framework, which may be altered to include additional operational restrictions, as deemed necessary. The EU and the US are also currently weighing the establishment of an impartial mechanism to address complaints from Europeans concerning the collection of their personal data for national security purposes.

THIS DAY @ LAW

Abraham Lincoln approves Confiscation Act

On July 17, 1862, President Abraham Lincoln signed the Second Confiscation Act, which among other things allowed for the confiscation of private property in rebel territory, without due process or any opportunity for defense. Learn more about the Confiscation Act of 1862.

Potsdam Conference Opens

On July 17, 1945, a conference attended by US President Harry Truman, UK Prime Minister Winston Churchill, and USSR leader Joseph Stalin opened in Postdam, Germany. Along with the Yalta Conference a few months prior, Potsdam created the post-World War II world order. Learn more about the Postdam Conference from the Harry S. Truman Library and Museum.