EU and US take measures to see to the implementation of the Data Privacy Framework

Speaking at the IAPP conference in Brussels today, Neema Singh Guliani from the US Department of Commerce said that the focus is now on the implementation of the EU-US Data Privacy Framework. We want to make sure there is clear information available about the redress process for EU DPAs and individuals. Yesterday, the judges were appointed to the US Data Protection Review Court, she said. Some 2,500 companies have now signed up to the framework – but this does not include the companies that are in the pipeline.

6,000 companies were signed up to the Privacy Shield but this new framework was only adopted a couple of months ago, Bruno Gencarelli of the European Commission said. The first evaluation of the framework will take place in July 2024.

Gencarelli said that the Commission will publish a report on the existing adequacy decisions by the end of the year. We are currently negotiating with different jurisdictions, Brazil for example. We could see more mutual adequacy decision such as the one we have with Japan. There is also a network effect of adequacy decisions – for example, many other countries now recognise Korea’s adequacy after the EU decision, he said.

When asked about the possibility of a new challenge to the EU-US Data Privacy Framework to the Court of Justice of the European Union, Gencarelli said that litigation is healthy. It is not an issue itself, the issue is developing something that can pass the test. “We believe we are now in a different place compared with the previous situation. We have applied the clear criteria from the Schrems 2 decision and addressed specifically the requirements of the court”, he explained.

See US Dept of Justice - The Data Protection Review Court

The IAPP conference continues tomorrow.

Read more about these issues in PL&B Reports