On July 10, the European Commission issued its Commission Implementing Decision (adequacy decision) to permit the transfer of personal data from the European economic area (i.e., the 27 EU member states, plus Norway, Iceland and Liechtenstein) (EEA) to the United States under the new EU-US data privacy framework (DPF). One week later, the U.S. Department of Commerce launched its DPF program website (www.dataprivacyframework.gov) to permit U.S. companies to certify under the program. Here are five things to know.

What Is an Adequacy Decision?

An adequacy decision is one rendered by the European Commission determining that a third country offers an adequate level of personal data protection and data rights to EU residents. The test “is whether, through the substance of privacy rights and their effective implementation, supervision and enforcement, the foreign system as a whole delivers the required level of protection.” The impact of an adequacy decision is that personal data may flow from the EEA to that third country without being subject to any further conditions or authorizations.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]