The European Commission and the United States of America have reached an agreement in principle on the adoption of a Transatlantic Privacy Framework, according to the Commission’s 25/3/2022 Press Release.
Key principles to be adopted:
- Under the new framework, data will be able to flow freely and securely between the EU and US companies participating in the framework.
- A new set of rules and binding safeguards that will limit access to data by US intelligence agencies to what is necessary and proportionate to protect national security. U.S. intelligence agencies will adopt procedures to ensure effective oversight of the new privacy and civil liberties standards.
- A new two-tiered appeal system to investigate and resolve complaints by European citizens about access to data by US intelligence agencies, including a Data Protection Review Tribunal.
- Strong obligations for companies processing data transferred from the EU, which will continue to include a requirement for companies to certify their own compliance through the US Department of Commerce.
- Specific monitoring and review mechanisms.
Agreement benefits:
- Adequate protection of data of European citizens transferred to the US, taking into account the European Court of Justice ruling (Scherms II)
- Secure data flows
- Lasting and reliable legal basis
- Secure and reliable data protection
- Continuous data flows supporting cross-border trade €900 billion every year.
Next steps: The agreement in principle will be translated into legal documents. US commitments will be included in an Executive Order that will form the basis for the European Commission’s draft adequacy decision on the implementation of the new transatlantic data protection framework.
© European Union, 2022
