ARTICLE
28 April 2023

EU MEPs Adopt Resolution Against Adequacy Decision Of The EU-U.S. Data Protection Framework

FL
Foley & Lardner

Contributor

Foley & Lardner LLP looks beyond the law to focus on the constantly evolving demands facing our clients and their industries. With over 1,100 lawyers in 24 offices across the United States, Mexico, Europe and Asia, Foley approaches client service by first understanding our clients’ priorities, objectives and challenges. We work hard to understand our clients’ issues and forge long-term relationships with them to help achieve successful outcomes and solve their legal issues through practical business advice and cutting-edge legal insight. Our clients view us as trusted business advisors because we understand that great legal service is only valuable if it is relevant, practical and beneficial to their businesses.
Seems to be another (and maybe final) nail in the coffin for the EU-U.S. Data Privacy Framework (DPF). In a resolution from the MEPs of the EU Civil Liberties Committee, they recommended...
Worldwide Privacy

Seems to be another (and maybe final) nail in the coffin for the EU-U.S. Data Privacy Framework (DPF). In a resolution from the MEPs of the EU Civil Liberties Committee, they recommended that the EU Parliament not grant the DPF an adequacy decision that would allow for flow of personal data from the EU to the U.S. without the use of standard contractual clauses, binding corporate rules, or another lawful method of transfer. The MEPs recommendation is based on the following findings:

  • While the DPF creates the Data Protection Review Court, it took issue with the fact that its decisions would be secret, thus violating the rights to access and rectify data about them. The judges on the court could also be dismissed by the President of the United States, who could also overrule the court, reducing the court's independence.
  • They also suggest that the DPF still allows for bulk collection of personal data in some cases without independent prior authorization, and does not provide clear data retention rules.

On the bright side, in light of the invalidation of the prior Safe Harbor and Privacy Shield frameworks, the MEPs noted that the DPF should not be approved until the Commission can make sure that the DPF can withstand legal challenges - this is important to providing certainty to EU and U.S. entities.

For now, organizations who transfer personal data from the EU to the U.S. will need to continue to use the Standard Contractual Clauses (with appropriate Transfer Impact Assessments) or some other lawful approved method of transfer.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More