Brussels, 18 July 2024
Tomorrow, Commissioner for Justice, Didier Reynders, will travel to Washington DC to conduct the first review of the new framework for safe and trusted EU-US data flows. In its 2023 adequacy decision for the EU-US Data Privacy Framework, the Commission concluded that the US ensures an adequate level of protection for personal data transferred from the EU to US companies, comparable to that of the European Union. The functioning of the Framework is subject to periodic reviews, carried out by the European Commission, together with representatives of European data protection authorities and competent US authorities. A full report will be published by the Commission later this year.
On Friday, the Commissioner will deliver opening remarks at the launch of the review, together with US Secretary of State for Commerce, Gina Raimondo, with whom he will also meet bilaterally. Following the launch of the review, a joint press statement by Commissioner Reynders and US Secretary of State for Commerce, Gina Raimondo, will be published here. In addition, Commissioner Reynders will also meet with US Attorney General, Merrick Garland.
More information on EU-US data flows is also available here.
EU-US data transfers
How personal data transferred between the EU and US is protected.
- Commercial sector: adequacy decision on the EU-US Data Privacy Framework
- Law enforcement cooperation: EU-US Umbrella Agreement
Commercial sector: adequacy decision on the EU-US Data Privacy Framework
On 10 July the European Commission adopted its adequacy decision for the EU-US Data Privacy Framework. On the basis of the adequacy decision, personal data can flow freely from the EU to companies in the United States that participate in the Data Privacy Framework.
The adequacy decision followed the adoption of Executive Order on ‘Enhancing Safeguards for United States Signals Intelligence Activities’ by US President Biden on 7 October and a Regulation issued by the US Attorney General. These instruments introduced new binding safeguards to address the points raised by Court of Justice of the European Union in its Schrems II decision of July 2020, ensuring that data can be accessed by U.S. intelligence agencies only to the extent necessary and proportionate and establishing an independent and impartial redress mechanism to handle and resolve complaints from Europeans concerning the collection of their data for national security purposes.
The safeguards that have been put in place by the US Government in the area of national security (including the redress mechanism) apply to all data transfers under the GDPR to companies in the US, regardless of the transfer mechanims used. These safeguards therefore also faciliate the use of other tools, such as standard contractual clauses and binding corporate rules.
Law enforcement cooperation: EU-US Umbrella Agreement
The EU-US Data Protection Umbrella Agreement concluded in December 2016 introduced high privacy safeguards for transatlantic law enforcement cooperation. It contains a comprehensive set of data protection rules that apply to all transatlantic exchanges between criminal law enforcement authorities. In this way, it also strengthens law enforcement cooperation by facilitating the exchange of information. It therefore meets the two-fold objective of working with our U.S. partners to combat serious crime and terrorism while advancing the level of protection of Europeans in line with their fundamental rights and the EU data protection rules.
EU-US Data Protection Umbrella Agreement – 20 May 2016
(315.44 KB – PDF) – Download
Source – EU Commission