European privacy principles, prepared by a business and approved by the relevant regulator. BCRs can be used instead of the Safe Harbor, Privacy Shield, or model contract clauses as a way to meet the “adequacy” test imposed by the EU. As the Safe Harbor and Privacy Shield came under strong EU criticism and was ultimately invalidated, the use of model contracts and BCRs by American businesses for compliance has increased. Where are we today with GDPR cross border transfer prohibitions? Data Privacy Framework In October 2022, President Biden issued Executive Order (EO) 14086 to bolster privacy and civil liberties safeguards with regard to U.S. signals intelligence. EO 14086 provided stronger safeguards and created a new redress mechanism, fully addressing the concerns raised by the CJEU in 2020. On July 10, 2023, the EU adopted an adequacy decision for the EU-U.S. Data Privacy Framework (DPF) after determining that the additional safeguards included in EO 14086 and the EU-U.S. DPF provided an adequate level of protection for personal data transferred from the European Union. The adequacy decision allows the EU-U.S. DPF to facilitate the transfer of data from Europe to the United States, benefiting companies and individuals on both sides of the Atlantic. The safeguards developed within the Data Privacy Framework, including national security commitments from the U.S. and its redress mechanism with the creation of the Data Protection Review Court, have been designed to apply to “any transatlantic data flow regardless of the instrument to use. Alternative mechanisms like Standard Contractual Clauses and Binding Corporate Rules can now show on transfer impact assessments that requirements around national security and government access are fulfilled and compliant under the Data Privacy Framework’s enhanced protections.
154
Made with FlippingBook - Online Brochure Maker