Data transfer between Europe and the US was declared illegal in 2020 by an EU court. Now, almost three years later, the European Commission has announced the adoption of a new adequacy decision, which essentially allows companies like Facebook, Google and Apple to store data about European users on their American servers.
The EU-US Data Privacy Framework introduces new binding safeguards to address all concerns raised by the European Court of Justice, reads a press release issued by the Commission. US intelligence services will still not be allowed access to EU data and a data protection review court accessible to all Europeans will be established.
The framework has indeed introduced improved mechanisms for the protection of personal data and the EU believes that the US will comply with a new detailed set of privacy obligations, such as an obligation to delete personal data when it is no longer needed for the purpose for which they were was collected.
The decision comes just months after Meta was fined 1.2 billion euros ($1.32 billion) by the EU for a similar problem: transferring data to third parties that didn’t meet security requirements. It is important to note that this adequacy decision may still be appealed before the bloc’s supreme court (CJEU) by privacy activists in the following months as it “lacks clarity” on fundamental privacy rights .
Start a new Thread