U.S. Fulfills Its Commitments to Implement the EU-U.S. Data Privacy Framework
On July 3, 2023, U.S. Secretary of Commerce Gina Raimondo announced that the U.S. fulfilled its commitments that were prerequisites to the implementation of the EU-U.S. Data Privacy Framework (Framework). These steps are expected to allow the EU to move forward with the adoption of an adequacy decision for the Framework. The steps taken by the U.S. were two-fold. First, on June 30, 2023, U.S. Attorney General Merrick Garland designated the European Union (EU) and three additional countries that make up the European Economic Area (EEA) as ‘qualifying states’ for purposes of implementing the redress mechanism established under President Biden’s Executive Order on Enhancing Safeguards for U.S. Signals Intelligence Activities (Executive Order). This designation will take effect on the date the European Commission adopts the adequacy decision. Then, on July 3, 2023, the Office of the Director of National Intelligence (ODNI) confirmed that the U.S. Intelligence Community had adopted policies and procedures pursuant to the Executive Order. These policies took effect on June 30, 2023.
This announcement brings U.S. and EU businesses one step closer to having an additional legal mechanism, other than Standard Contractual Clauses or Binding Corporate Rules, for transfers of personal information from the EU to the U.S.; an option that has not existed since the Privacy Shield was invalidated by the Court of Justice for the EU in 2020.
In the coming weeks, the European Commission is expected to adopt the adequacy decision for the Framework. Once the adequacy decision is finalized, the U.S. Department of Commerce will (i) provide information on how U.S. businesses that currently are not covered under the Privacy Shield can self-certify to the new Framework, and (ii) provide guidance to those companies that continued to adhere to the Privacy Shield Principles during the past three years.
Wiley’s Privacy, Cyber & Data Governance Team has helped companies of all sizes from various sectors proactively address risks and comply with new privacy laws and requirements. Please contact Joan Stewart (firstname.lastname@example.org) or Tyler Bridegan (email@example.com) with any questions.