The draft adequacy decision follows the Commission's assessment of the US legal framework, which includes the Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities2 ('the Executive Order'), signed by President Joe Biden, as well as regulations establishing a Data Protection Review Court. Both of which were issued as a direct response to the Schrems II Case and were aimed at remedying the CJEU's concerns surrounding adequate redress mechanisms for data subjects and authorities' access to data. With its draft adequacy decision, the Commission has proposed that US companies certified under the EU-US DPF will be recognised as providing an adequate level of dat
Insight
International: Commission's draft decision for EU-US DPF - the road to adequacy
December 15, 2022
Summary
The European Commission's draft adequacy decision for the EU-US Data Privacy Framework (EU-US DPF) aims to enable safe data transfers while addressing the Court of Justice of the European Union's (CJEU) concerns from the Schrems II Case. The decision assesses the US legal framework, including the Executive Order on Enhancing Safeguards for US Signals Intelligence Activities and the establishment of a Data Protection Review Court, proposing that certified US companies under the EU-US DPF provide adequate data protection. The EU-US DPF applies to personal data transferred from the EU to the US, requiring organizations to self-certify and adhere to specific Principles and Supplemental Principles. It also outlines mechanisms for data subjects to enforce their rights and seek redress, including a new arbitration panel as a last resort. The framework's adoption faces potential challenges from privacy activists, but if upheld, it could reduce reliance on other transfer mechanisms like Standard Contractual Clauses (SCCs).