On 10 July 2023, the EU reached a deal with the US on how to better protect the privacy of personal data belonging to EU residents when their data gets transferred across the Atlantic. After years of discussions, and countless fines against Meta, Google and other big tech companies for violating GDPR rules, will this new framework be the “get out of jail free card” big tech companies have been waiting for?
First, let us get into the nitty-gritty details behind the framework.
What are the key principles behind the framework?
How do US companies self-certify their participation in the EU-US DPF?
What about the UK?
The DPF only applies to personal data that is subject to EU GDPR, therefore it does not apply under the UK Data Protection Act. However, in June 2023, the UK and the US agreed to establish a UK Extension to the Data Privacy Framework. This extension will create a data bridge between the US and the UK which will facilitate the free flow of personal data between the two countries.
This new framework will make it easier for companies to transfer personal data from the EU to the US and as more US companies certify their participation in the DPF, this will likely increase the number of cross-border promotions between the EU and US!