Law.com Subscribers SAVE 30%
Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
The EU-U.S. Data Privacy Framework: Did Transferring Personal Data from the EU to the U.S. Just Get Easier?
On July 10, 2023, the European Commission formally approved the EU-U.S. Data Privacy Framework (DPF) by adopting an "adequacy decision." Adequacy decisions are one of the legal mechanisms under the EU's General Data Protection Regulation (GDPR) for transferring personal data from the EU to third countries which, in the eyes of the European Commission, offer sufficient privacy and data protection. The DPF adequacy decision recognizes that, although the United States has a different approach to data protection than the EU, personal data transferred to the U.S. under the DPF is considered to be adequately protected in line with the GDPR's rules on international data transfers. The European Commission takes the position that personal data can flow freely and safely from the EU to U.S. companies that are participating in the new Framework.
Transfers of personal data from the EU to the U.S. have generated much controversy over the past few years. In 2020, the Court of Justice of the EU invalidated the DPF's predecessor, the EU-U.S. Privacy Shield, following a complaint by Austrian privacy activist Maximilian Schrems and his nonprofit organization NOYB — European Center for Digital Rights (known as the Schrems II case). In the Schrems II case, questions were raised about how personal data of EU users of social network Facebook was available to U.S. authorities (e.g., the National Security Agency) in a manner that was considered incompatible with the EU Charter of Fundamental Rights. The Court of Justice was particularly concerned that U.S. intelligence agencies could access personal data from EU individuals beyond what is necessary and proportionate and that there was no independent and impartial redress mechanism to handle complaints from EU individuals.
In the wake of the Schrems II case, the European Commission and the U.S. government engaged in intense negotiations to set up a new and enhanced EU-U.S. data transfer structure — the DPF — that addresses the concerns of the Court of Justice. In support of this initiative, U.S. President Joe Biden signed an Executive Order that aims to provide additional protections for EU individuals whose personal data is transferred to the U.S., including:
- Data access limitations imposed on the U.S. intelligence community to ensure that they only access what is necessary and proportionate to protect national security.
- Enhanced oversight of the surveillance activities that U.S. intelligence agencies are involved in.
- The creation of a new, two-layered redress mechanism for handling and resolving complaints from EU individuals with concerns about the (potential) collection and use of their personal data by the U.S. intelligence community. The new mechanism features a low entry threshold: EU individuals will be able to submit complaints to their local data protection authority in their own language. The data protection authority will subsequently transmit the complaints to the United States (via the European Data Protection Board).
Following a lengthy assessment, the European Commission ultimately found that the additional data access limitations, safeguards and redress possibilities that the United States has committed to implement in the context of the new Framework suffice to ensure an adequate level of protection for personal data transferred from the EU to companies participating in the DPF.
This premium content is locked for Entertainment Law & Finance subscribers only
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
- Stay current on the latest information, rulings, regulations, and trends
- Includes practical, must-have information on copyrights, royalties, AI, and more
- Tap into expert guidance from top entertainment lawyers and experts
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
Major Differences In UK, U.S. Copyright Laws
This article highlights how copyright law in the United Kingdom differs from U.S. copyright law, and points out differences that may be crucial to entertainment and media businesses familiar with U.S law that are interested in operating in the United Kingdom or under UK law. The article also briefly addresses contrasts in UK and U.S. trademark law.
Strategy vs. Tactics: Two Sides of a Difficult Coin
With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.
The Article 8 Opt In
The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.
Removing Restrictive Covenants In New York
In Rockwell v. Despart, the New York Supreme Court, Third Department, recently revisited a recurring question: When may a landowner seek judicial removal of a covenant restricting use of her land?