enardeitjaptrues

The European Commission announced Tuesday that is has officially begun the process of approving the EU-US Data Privacy Framework—hammered together to allow the flow of data between the US and the European Union—after concluding that the framework provides privacy safeguards comparable to those of the EU.

After President Biden signed the executive order that implemented rules for the Trans-Atlantic Data Policy Framework in the US in October, the Commission conducted an assessment into the US legal framework that the bill was based upon. That assessment, released Tuesday, says that the legislation ensures an adequate level of protection for personal data transferred from the EU to US companies.

Now, the draft adequacy decision has been transmitted to the European Data Protection Board (EDPB) for its opinion.

Once the EDPB has given its approval, the Commission must then seek approval from a committee comprising representatives from EU member states, as well as the European Parliament, which has a right of scrutiny over adequacy decisions. Only then can the Commission proceed with formally adopting the legislation.

If passed, the framework will mean US companies will have to agree to comply with a detailed set of privacy regulations, including the requirement to delete personal data when it is no longer necessary for the purpose for which it was collected, and to ensure continuity of protection when personal data is shared with third parties. The regulations essentially are supposed to ensure that data flow between the US and EU adheres to the EU's GDPR privacy regulations.

Additionally, EU citizens will benefit from several redress avenues if their personal data is handled in violation of the framework and will have the possibility to obtain redress regarding the collection and use of their data by US intelligence agencies before an independent and impartial redress mechanism, which includes a newly created Data Protection Review Court.