Privacy Shield replacement arrives – in the EU

President Biden has signed the Executive Order which heralds the way for the EU-US DPF (Data Privacy Framework), announced by him and European Commission President von der Leyen in March 2022.

This will restore an important legal basis for transatlantic data flows, and address the concerns of the European Courts of Justice, which resulted in them declaring Privacy Shield invalid in July 2020.

Since that time, most data flows to the US have relied on Standard Contractual Clauses and now International Data Transfer Agreements which are replacing SCC’s, but they were not ideal.

Hopefully, the EU-US DPF will offer more resilient data protection. Of course, this is all between the EU and the US, so it won’t automatically apply to the UK; we need to wait for our own discussions with the US to conclude.

If your organisation has bases in the EU, or processes the data of EU citizens or residents, this will likely have an impact for you.

If you would like to talk about its impact on your organisation, you are welcome to get in touch in any of the normal ways, use or by booking a 20-minute insight call at (for TinoPai members, but it’s free to join, and you get lots of other benefits including free live and on-demand webinars).