The EU-US Data Privacy Framework: A New Option for Your Cross-Border Data Transfers

If you’re tired of using standard contractual clauses (SCCs) to legitimize your European personal data transfers to the US—and we bet you are—the European government has approved a practical alternative.

On July 10, 2023, the European Commission adopted an adequacy decision for the new EU-US Data Privacy Framework (DPF), aiming to bolster the uninterrupted flow of more than $7 trillion in annual transatlantic trade and investments. The DPF is the United States’ third framework to ensure adequate protections for Europeans’ personal data transferred to the US, concluding nearly a quarter-century of negotiations, agreements, and legal challenges. Companies relying on the DPF voluntarily submit to regulatory oversight of their compliance with the DPF Principles, which provide privacy protections equivalent to the EU General Data Protection Regulation.

Amy Lewis, Matt Meinel, and Michael Snodgrass discuss how BRG’s experienced team of privacy professionals can assist with evaluating whether your company should certify to the DPF. If your company decides to certify, the BRG team also can assist in assessing and developing a risk-based, principles-driven privacy program that will simplify the annual certification process.