Event 23 Oct. 2024
Counsel Mohannad El Murtadi Suleiman to Speak at the 2nd Annual Africa Arbitration Day in New York
more
Podcast 14 Oct. 2024
Curtis Law in London
Event 18 Aug. 2023
Partner Borzu Sabahi Speaks at FDI Moot Shenzhen
News 25 Jul. 2023
Partner Eric Gilioli Ranked in Top 10 Influential Energy & Natural Resources Lawyers in Kazakhstan in Business Today
News 09 Apr. 2024
Curtis Announces New Partners and Counsels Across Offices in Spring 2024
Client Alert 28 Dec. 2023
U.S. to Impose Secondary Sanctions on Non-U.S. Banks For Financing Russia’s Defense Industry
News 28 Aug. 2024
Curtis Recognized for Excellence in Arbitration in Chambers Latin America Guide 2025
Event 22 Aug. 2023
Partner Dr. Claudia Frutos-Peterson to Speak at Arbitration and ADR Commission of the ICC Mexico
News 08 Oct. 2024
Curtis Boosts London Finance and Corporate Capability with Appointment of Partner Christopher Harrison
News 15 Aug. 2023
Legal Reader Publishes Article on Dr. Majed Alotaibi’s Arrival as Senior Counsel in Curtis’ Riyadh Office
News 24 Aug. 2023
Curtis Attorneys Quoted in CoinDesk on FTX Founder Sam Bankman-Fried’s Strategy Ahead of His Criminal Trial
Client Alert 10 Jul. 2024
EU Adopts New Restrictive Measures Against Belarus
Client Alert 26 Jun. 2024
The EU Adopts its 14th Sanctions Package Against Russia
event
Daniela Della Rosa to attend first United Nations Fashion and Lifestyle Network Hub
client alert
UK Government Permits Acquisition of Shares by Company Owned by Sanctioned Oligarchs
Client Alert 01 Aug. 2023
Download the full alert with footnotes
On July 10, the European Commission officially adopted its decision on US adequacy, ushering in the new EU-US Data Privacy Framework. Despite some concerns raised by privacy advocates and the European Data Protection Board, 24 EU Member states voted in favor of the framework.
Under this framework, companies will be able to transfer data from the EU to the US after certifying their compliance with the framework’s privacy obligations.
The EU’s data privacy law, the GDPR, creates restrictions around data transfers from the EU to other countries. Under Article 45 of the statute, an entity may transfer EU personal data to a foreign country that the EU has determined ensures an “adequate level of protection for personal data.” For all other countries, any transfers of EU personal data to them must comply with Articles 46 and 49 of the GDPR.
Under this latest framework, the EU has determined that the US ensures an “adequate level of protection.” This reduces burdens and simplifies the legal regime around data transfers between the two regions.
This framework is the third attempt at a data transfer agreement between the EU and US and represents the third adequacy decision on the US. The first two were struck down by the European Court of Justice (ECJ) due to concerns over US intelligence surveillance and data collection. This latest version attempts to address those concerns by introducing new safeguards in the US, such as establishing a Data Protection Review Court to provide a redress mechanism for EU individuals and requiring that intelligence activities be necessary and proportionate to intelligence priorities.
Nevertheless, Max Schrems, the Austrian privacy activist responsible for the demise of the first two frameworks, has already promised to challenge this latest framework before the ECJ, claiming that US policies still provide insufficient privacy protections.
It remains to be seen if the framework will survive future legal challenges, but in the meantime its enactment progresses. On July 17, the US Department of Commerce launched a website which allows companies to certify their compliance with the framework and restart the process of data transfers from the EU.
The EU-US Data Privacy Framework will be subject to periodic review by the European Commission, together with European data protection authorities and US authorities, to ensure US safeguards have been fully implemented and remain effective. The first such review will occur within a year.
About Curtis
Curtis, Mallet-Prevost, Colt & Mosle LLP is a leading international law firm. Headquartered in New York, Curtis has 19 offices in the United States, Latin America, Europe, the Middle East and Asia. Curtis represents a wide range of clients, including multinational corporations and financial institutions, governments and state-owned companies, money managers, sovereign wealth funds, privately owned businesses, individuals and entrepreneurs. The firm is particularly active on behalf of clients operating in the energy and renewable energy, commodities, telecommunications, manufacturing, transportation and technology industries.
For more information about Curtis, please visit www.curtis.com.
Attorney advertising. The material contained in this Client Alert is only a general review of the subjects covered and does not constitute legal advice. No legal or business decision should be based on its contents.
Data Protection and Privacy Law
Jonathan J. Walsh
Partner
New York
+1 212 696 6000
EU-US Data Privacy Framework Progresses through EU Approval Process
Is Congress Getting Closer to Enacting Comprehensive Federal Data Privacy Legislation?
We use cookies on our website to enhance your browsing experience, match your interests and assess our website performance. We do not share information with any third-party for marketing purposes. Please view our privacy policy to learn more about the use of cookies on our website. By continuing to browse our website, you consent to our use of cookies.