Safe Transatlantic Data Transfer Further Confirmed
The European Commission has recently issued a new adequacy decision on EU-US Data Privacy Framework confirming a safe environment for transfer of data from the European Economic Area to the U.S.
Although the legal basis on which transatlantic data could be transferred to ensure at least the same level of protection as set within Member States has been thoroughly modified, lately it seems to have been settled by the new “Transatlantic Data Privacy Framework”. After multiple negotiations, the adequacy decision provides a basis in the law of the European Union for transfers of personal data from EU countries to the United States for commercial purposes.
EU-US Framework aims to set an instrument to enable compliance with all requirements imposed under the EU data protection legislation considering that the EU General Data Protection Regulation (GDPR) restricts transfer of personal data to third countries that might not set an adequate level of protection for personal data. In this sense, GDPR specifically recognises adequacy decisions as a valid tool confirming a proper level of protection for data when being exported.
Adopting the EU-US Framework by issuing this new adequacy decision entails mainly the setting-up of a legal background for a safe transfer of personal data to US companies certified by the US Department of Commerce.
Moreover, individuals, whose rights are strengthened, will be able to even have an initiative-taking attitude to make sure of their protection by requiring correction or deletion of incorrect or unlawfully handled data or by making use of a redress mechanism if needed. Consequently, US-headquartered companies whose activity implies cross-border data flows will be able to rely on the new framework.
This encouraging step towards a legal link created between the EU and the US in terms of data transfers seems to have been taken in light of the newly inserted legal safeguards by the US legislation. In this regard, the EU-US Framework is thought now to address previous concerns by introducing new safeguards, such as limiting access to Member State individuals’ data by US intelligence services or the need for US companies to certify that they adhere to the standards through the US Department of Commerce.
While the adequacy decision is considered to be a key facilitator in the transatlantic technology and data economy, the EU-US Framework is viewed as a step further for a more effective cooperation between companies on the two continents.