EU updates US-facing privacy requirements

[ad_1]

Aug. 1, 2023

The European Union has indicated its support for the American Data Privacy Framework (DPF), with the European Commission stating that it deemed the framework sufficient as the legal basis for transfer of personal data from Europe to the U.S., according to a report from Pressebox.

With this announcement, it is possible for personal data from Europe to be transferred to certified American companies without additional standard contractual clauses, though it is still required for firms to complete an order processing contract under Article 28 of the General Data Protection Regulation (GDPR).

The announcement included these amendments:

  • Limitation of access rights by the American intelligence services.
  • Establishment of an American court to review data protection.
  • New rights for EU citizens, such as the right of access to data or the right to delete inaccurate or unlawfully stored information.
  • The establishment of an independent dispute resolution body.

The report states that according to the U.S. Department of Commerce, companies already certified under the Privacy Shield should not need additional action to gain compliance with the updated data privacy regulations, but due to the complexity of privacy and legal issues, companies ought to retain legal counsel to prepare for any unforeseen issues with the new regulations.

“Supplementary standard contractual clauses could be a more solid basis for data transfer,” Karsten Neumann, data protection expert at global consulting firm Ecovis, said in the report. “Since the issue of data protection and data transfer to the USA is complex, companies should seek legal advice.”

[ad_2]

Source link

You May Also Like

About the Author: Chimdi Blaise