A couple of years ago, there was a decision in the EU that dismantled the Privacy Shield program because of the lack of safeguards on the US government access to EU citizens’s data.

In July, the EU and the USA agreed to a whole new system called the EU-US Data Privacy Framework (DPF).  Under this new agreement, there are privacy obligations that must apply to all US businesses that want to join the new framework.

The major requirements under the DPF are the following:

  1. Individuals must be informed about data processing.
  2. Free and accessible dispute resolution must be provided.
  3. Cooperation with the US Department of Commerce is a must.
  4. Limitations on purpose and data collected.
  5. Accountability for third-party data transfers.
  6. Enforcement Action transparency required.

If your business collects data from EU citizens, then your business probably needs to be compliant with the DPF.

Any questions?  Contact me/Contácteme/Contactez-moi


Attorney advertising