EU-US DP Framework: Progress, action items, and lingering questions
Nicholas Shepherd and Daniel Cooper of Covington assess the success of this framework which in the EU’s view needs more active monitoring and enforcement.
On 10 July 2023, the European Commission (Commission) issued a decision finding that US law provides an adequate level of protection for personal data transferred from the EU to the US if the recipient organization is certified under the EU-US Data Privacy Framework (DPF).(1) One year later, in July 2024, the Commission conducted its first review of that adequacy decision and published its findings in a final report on 9 October 2024.(2)
The report concluded that the US has put in place sufficient structures and procedures to ensure the DPF functions effectively. It applauded the efforts of the US and EU to that end, noting progress on a number of fronts. The report also identified several action items for EU and US officials to focus on in the days ahead, including in relation to oversight and enforcement, awareness-raising activities, and certain topics requiring further guidance.
Continue Reading
International Report subscribers, please login to access the full article |
If you wish to subscribe, please see our subscription information. |