In March of 2022, the European Commission and the United States reached a preliminary agreement for a Trans-Atlantic Data Privacy Framework. This agreement was based on several key principles that aim to enable data to flow freely and safely between the EU and participating U.S. companies, while also limiting access to data by U.S. intelligence authorities to only what is necessary and proportionate for national security purposes.
Under the new framework, U.S. intelligence agencies will adopt procedures to ensure effective oversight of new privacy and civil liberties standards, and there will be a new two-tier redress system in place to investigate and resolve complaints of Europeans regarding access to data by U.S. intelligence authorities. This redress system includes a Data Protection Review Court.
Companies that process data transferred from the EU will have strong obligations and will be required to self-certify their adherence to the principles through the U.S. Department of Commerce. Additionally, there will be specific monitoring and review mechanisms in place.
The benefits of this deal include adequate protection of Europeans’ data transferred to the US, safe and secure data flows, a durable and reliable legal basis, a competitive digital economy, and continued data flows underpinning €900 billion in cross-border commerce every year.
Moving forward, the agreement in principle will be translated into legal documents, with the U.S. commitments being included in an Executive Order that will form the basis of a draft adequacy decision by the Commission to put in place the new Trans-Atlantic Data Privacy Framework.
To conclude, the Trans-Atlantic Data Privacy Framework agreement in principle is a significant development for both the EU and the U.S. It will enable data to flow freely and safely between these two regions while ensuring that the privacy and civil liberties of EU citizens are protected.