The European Commission has adopted an agreement with the United States to reopen transatlantic data flows between the two trading blocs. The agreement, known as the EU-U.S. Data Privacy Framework (DPF), is the third attempt between the EU and U.S. to reach a deal that satisfies both sides’ privacy concerns.
The DPF includes a number of new safeguards designed to address the concerns that led to the invalidation of the previous data transfer framework, Privacy Shield. These safeguards include limits on the access U.S. intelligence agencies have to EU citizen data.
The DPF restricts access by US spy agencies to data from EU citizens. Its main purpose is to ensure that access is only allowed when it is absolutely necessary and reasonable. It also established the Data Protection Review Court (DPRC) in the United States. This court allows EU residents to appeal decisions made by US intelligence agencies about their personal data. The DPF will be implemented on July 11, 2023.
Privacy advocates have since raised concerns that the DPF does not go far enough to protect EU citizens’ privacy. They argue that the DPRC is not independent enough and that the limits on US intelligence agencies’ access to data are too weak.
The sources for this piece include an article in TheRegister.