The adequacy decision allows the EU-U.S. DPF to facilitate the transfer of data from Europe to the United States, benefiting companies and individuals on both sides of the Atlantic. The safeguards developed within the Data Privacy Framework, including national security commitments from the U.S. and its redress mechanism with the creation of the Data Protection Review Court, have been designed to apply to “any transatlantic data flow regardless of the instrument to use. Alternative mechanisms like Standard Contractual Clauses and Binding Corporate Rules can now show on transfer impact assessments that requirements around national security and government access are fulfilled and compliant under the Data Privacy Framework’s enhanced protections. The U.S. Department of Commerce launched the Data Privacy Framework Program website, where U.S.-based organizations can submit for self-certification and find information on the framework. Businesses that remained certified to the Privacy Shield must now comply with the new EU-U.S. Data Privacy Framework principles to receive personal data transfers from the EU and European Economic Area. Those new to the framework can initiate the self-certification process online. Businesses are required to provide details about their privacy policy, reasons for data transfers, reporting mechanisms and more. Once confirmation is received from the Department of Commerce, companies can proceed with data transfers under the DPF. As we have seen with invalidation of the Safe Harbor and Privacy Sheld frameworks this new Data Privacy Framework may likewise see legal challenges. For the time being however it is a valid legal mechanism for the cross border transfer of personal data.
150
Made with FlippingBook - Online Brochure Maker