Privacy and Data Protection: The European Commission's New EU-US Adjustment Decision - 🏆 Managed Server
July 10 2023

Privacy and Data Protection: The European Commission's New EU-US Adjustment Decision

It becomes possible again to export personal data to US countries that are recognized as GDPR Compliant

Europe Flag with Padlock GDPR Banner

Today the European Commission has taken a new adequacy decision regarding the EU-US framework for the protection of personal data. Concluding that the US provides an adequate level of protection, similar to that of the European Union, for personal data transferred from the EU to US companies under the new framework. This decision allows for a secure flow of personal data from the EU to US companies that join the framework, without additional data protection requirements.

The New EU-US Data Protection Framework

The EU-US framework for the protection of personal data introduces new binding measures to address all the concerns expressed by the Court of Justice of the European Union. These include limiting US intelligence services' access to EU data to what is necessary and proportionate, and creating a Data Protection Review Court (DPRC), accessible to citizens of the EU. EU. The new framework brings significant improvements over the previous Privacy Shield mechanism. For example, if the DPRC believes that the data has been collected in violation of the new guarantees, it can order their deletion.

President Ursula von der Leyen said: “The new EU-US framework for the protection of personal data will ensure secure data flows for European citizens and bring legal certainty to businesses on both sides of the Atlantic… This shows that, working together, we can tackle the most complex issues.”

Protections and Obligations for US Businesses

American companies can join the EU-US framework for personal data protection by committing to a detailed set of privacy obligations. These include the obligation to erase personal data when it is no longer needed for the purpose for which it was collected and to ensure continuity of protection when personal data is shared with third parties.

Recourses and Guarantees for EU Citizens

The EU-US personal data protection framework introduces innovative binding safeguards to address all concerns raised by the Court of Justice of the European Union. This includes limiting access to European data by US intelligence services to the necessary and proportionate amount, and establishing a specific Data Protection Review Court (DPRC), to which the EU citizens will be able to access. The new framework brings significant improvements over the existing mechanism under the Privacy Shield. For example, if the DPRC determines that the data has been collected in violation of the new guarantees, it can order its deletion. The new safeguards regarding access to data by public authorities will complement the obligations that US companies importing data from the EU will have to meet.

Further Implications and Next Steps

The guarantees offered by the United States will also facilitate transatlantic data flows in general, as they also apply when data is transferred through other means, such as standard contractual clauses and binding corporate rules.

The functioning of the EU-US framework for the protection of personal data will be subject to periodic reviews by the European Commission in collaboration with representatives of the European data protection authorities and the competent US authorities.

Scope and Regulatory Context

Article 45(3) of the General Data Protection Regulation (GDPR) gives the European Commission the ability to determine, through enforcement measures, whether an external country offers “an adequate level of protection”. This translates into personal data protection which is essentially equivalent to that guaranteed in the European Union. By virtue of an adequacy decision, personal data can flow freely from the EU (and also from Norway, Liechtenstein and Iceland) to a third country, without encountering further obstacles.

Reformulation of the Regulatory Framework after the Previous Decision

Following the annulment of the previous EU-US Privacy Shield adequacy agreement by the Court of Justice of the EU, the European Commission and the US government entered into conversations on a new framework addressing the issues raised by the Tribunal.

In March 2022, President Ursula von der Leyen and President Joe Biden announced that they had reached agreement in principle on a new framework for transatlantic data flows, following negotiations between Commissioner Reynders and the States' Secretary of Trade Gina Raimondo joined. In October 2022, President Biden signed an executive order to strengthen safeguards applicable to US-led signals intelligence activities, which was complemented by regulations issued by US Attorney General Merrick Garland. These two instruments, taken together, implemented the commitments made by the United States under the Agreement in Principles into US law and extended the obligations to US companies that fall under the EU-US framework for the protection of personal data.

Fundamentals of the New US Regulatory Framework

A cornerstone of the US legal framework establishing these safeguards is the Presidential Executive Order on Enhancing Safeguards Applicable to US-led Signals Intelligence Activities. This order responds to the concerns expressed by the Court of Justice of the European Union in the Schrems II decision of July 2020.

Management and Control of the Regulatory Framework

The data protection framework is managed and monitored by the US Department of Commerce. The US Federal Trade Commission will ensure that US companies comply with the provisions of the framework.

Conclusion

In conclusion, the adoption of the new EU-US data protection framework represents an important step forward in protecting the privacy of EU citizens. Binding safeguards, limiting access to data by US intelligence services and the establishment of the Data Protection Review Court are crucial elements of this new system. The evolution from the previous Privacy Shield is significant, with the addition of stronger security measures and greater transparency. US companies importing data from the EU will now be subject to stricter obligations, thus ensuring better protection of European citizens' personal data. This represents a major leap forward towards a future where data privacy is respected on both sides of the Atlantic.

Do you have doubts? Don't know where to start? Contact us!

We have all the answers to your questions to help you make the right choice.

Chat with us

Chat directly with our presales support.

0256569681

Contact us by phone during office hours 9:30 - 19:30

Contact us online

Open a request directly in the contact area.

INFORMATION

Managed Server Srl is a leading Italian player in providing advanced GNU/Linux system solutions oriented towards high performance. With a low-cost and predictable subscription model, we ensure that our customers have access to advanced technologies in hosting, dedicated servers and cloud services. In addition to this, we offer systems consultancy on Linux systems and specialized maintenance in DBMS, IT Security, Cloud and much more. We stand out for our expertise in hosting leading Open Source CMS such as WordPress, WooCommerce, Drupal, Prestashop, Joomla, OpenCart and Magento, supported by a high-level support and consultancy service suitable for Public Administration, SMEs and any size.

Red Hat, Inc. owns the rights to Red Hat®, RHEL®, RedHat Linux®, and CentOS®; AlmaLinux™ is a trademark of AlmaLinux OS Foundation; Rocky Linux® is a registered trademark of the Rocky Linux Foundation; SUSE® is a registered trademark of SUSE LLC; Canonical Ltd. owns the rights to Ubuntu®; Software in the Public Interest, Inc. holds the rights to Debian®; Linus Torvalds holds the rights to Linux®; FreeBSD® is a registered trademark of The FreeBSD Foundation; NetBSD® is a registered trademark of The NetBSD Foundation; OpenBSD® is a registered trademark of Theo de Raadt. Oracle Corporation owns the rights to Oracle®, MySQL®, and MyRocks®; Percona® is a registered trademark of Percona LLC; MariaDB® is a registered trademark of MariaDB Corporation Ab; REDIS® is a registered trademark of Redis Labs Ltd. F5 Networks, Inc. owns the rights to NGINX® and NGINX Plus®; Varnish® is a registered trademark of Varnish Software AB. Adobe Inc. holds the rights to Magento®; PrestaShop® is a registered trademark of PrestaShop SA; OpenCart® is a registered trademark of OpenCart Limited. Automattic Inc. owns the rights to WordPress®, WooCommerce®, and JetPack®; Open Source Matters, Inc. owns the rights to Joomla®; Dries Buytaert holds the rights to Drupal®. Amazon Web Services, Inc. holds the rights to AWS®; Google LLC holds the rights to Google Cloud™ and Chrome™; Microsoft Corporation holds the rights to Microsoft®, Azure®, and Internet Explorer®; Mozilla Foundation owns the rights to Firefox®. Apache® is a registered trademark of The Apache Software Foundation; PHP® is a registered trademark of the PHP Group. CloudFlare® is a registered trademark of Cloudflare, Inc.; NETSCOUT® is a registered trademark of NETSCOUT Systems Inc.; ElasticSearch®, LogStash®, and Kibana® are registered trademarks of Elastic NV Hetzner Online GmbH owns the rights to Hetzner®; OVHcloud is a registered trademark of OVH Groupe SAS; cPanel®, LLC owns the rights to cPanel®; Plesk® is a registered trademark of Plesk International GmbH; Facebook, Inc. owns the rights to Facebook®. This site is not affiliated, sponsored or otherwise associated with any of the entities mentioned above and does not represent any of these entities in any way. All rights to the brands and product names mentioned are the property of their respective copyright holders. Any other trademarks mentioned belong to their registrants. MANAGED SERVER® is a trademark registered at European level by MANAGED SERVER SRL, Via Enzo Ferrari, 9, 62012 Civitanova Marche (MC), Italy.

Back to top