European Union Approves Privacy Shield Successor to Govern Data Transfers to the U.S.
By Laura Bacon, Hudson Cook LLP
On July 10, 2023, the European Commission adopted its adequacy decision for the E.U.–U.S. Data Privacy Framework, approving the self-certification program’s use for data transfers from the European Economic Area to the United States. The Data Privacy Framework replaces the now-invalidated E.U.-U.S. Privacy Shield and permits data exporters subject to the European Union’s General Data Protection Regulation to transfer personal data to the U.S. The adoption of an adequacy decision based on the Data Privacy Framework provides legal certainty for U.S. companies receiing data from the E.U.
In 2020, the Court of Justice of the European Union (CJEU) invalidated the use of Privacy Shield as an adequate means for transferring personal data from Europe to the U.S. because of the lack of protections related to U.S. intelligence activities. In the past year, European privacy regulators have ordered U.S. companies to stop sending information about their clients and users in the E.U. to the U.S., and major American technology companies have warned that they may have to shut down European operations.