In recent news, the topic of Transatlantic Data Transfers and the EU-US Data Privacy Framework (DPF) has gained significant momentum. On February 14, 2023, the European Parliament’s Committee on Civil Liberties, Justice and Internal Affairs released a draft motion for a resolution on the adequacy of personal data protection under the DPF (RD_ statements (europa.eu). Additionally, on February 28, 2023, the European Data Protection Board (EDPB) published Opinion 5/2023 on the draft adequacy decision of the Commission under the DPF. While the DPF is designed to facilitate data transfers from Europe to the US, concerns remain on the level of data protection it provides.
Parliament’s Draft Motion to Resolution 2023/2501 (RSP)
The draft resolution calls for continued negotiations between the European Commission and the United States to establish comparable levels of personal data protection in both regions. Congress has concluded that the DPF has failed to establish an equivalent level of data protection. Despite recognizing the economic and innovative importance of personal data transfers, Congress has criticized the current US legal framework for personal data protection, particularly Executive Order 14086 (EO), for being unclear, imprecise, and unpredictable.
EDPB’s Opinion on May 2023
The EDPB believes that the EO, as part of the DPF, will lead to significantly improved levels of personal data protection compared to the US Privacy Shield. However, the EDPB continues to raise concerns that need to be addressed, including data subject rights, the lack of key definitions and clarity regarding the application of the DPF to data subjects, and extensive exceptions to processors and publicly available information.
Next
While the parliamentary resolution and EDPB opinion are not legally binding, they play important roles in the adequacy determination process. An adequacy decision by the European Commission is likely to be adopted under the DPF, but the EDPB’s concerns will need to be addressed to provide further clarity and a solid basis for the decision. The ball is now in the Commission’s court, and it remains to be seen whether an adequacy decision will be adopted in a timely manner. Nevertheless, the European Commission is actively working on this issue.
DELTA Data Protection & Compliance, Inc. Academy & Consulting – The DELTA NEWS – Visit: delta-compliance.com
