The EU-U.S. Data Privacy Framework (EU-U.S. DPF) Principles, which apply to the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) Principles, which apply to the Swiss-U.S. DPF are both comprised of a set of seven commonly recognized privacy principles and sixteen equally binding supplemental principles that explain and augment those seven privacy principles. The EU-U.S. DPF Principles lay out a set of requirements governing participating organizations’ use and treatment of personal data received from the European Union and, as applicable, the United Kingdom (and Gibraltar), as well as the access and recourse mechanisms that participants must provide to EU and, as applicable, UK individuals. The Swiss-U.S. DPF Principles likewise lay out a set of requirements governing participating organizations’ use and treatment of personal data received from Switzerland, as well as the access and recourse mechanisms that participants must provide to Swiss individuals. Once an organization publicly commits to comply with the DPF Principles, that commitment is enforceable under U.S. law.
The DPF Principles are available in full on the U.S. Department of Commerce’s DPF Program website at: https://www.dataprivacyframework.gov/s/article/Participation-Requirements-Data-Privacy-Framework-DPF-Principles-dpf