adequacy decision

European Commission Releases Draft Adequacy Decision on the EU-U.S. Data Privacy Framework

By Dan Cooper, Lisa Peets, Diana Lee & Laura Somaini on December 15, 2022

Posted in Cross-Border Transfers, Data Privacy, EU Data Protection, European Union

On December 13, 2022, the European Commission released its draft adequacy decision on the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), which, once formally adopted, would recognize that the United States ensures an adequate level of protection for personal data transferred from the EU to organizations certified under the EU-U.S. DPF. The draft decision follows the issuance of Executive Order 14086 on Enhancing Safeguards for U.S. Signals Intelligence Activities (“EO 14086”) by President Biden on October 7, 2022 (see our previous blog post here), and the political agreement reached between the EU and the U.S. in March 2022 (see our previous blog post here).

As many had expected, the draft adequacy decision assesses the limitations and safeguards relating to the collection and subsequent use of personal data transferred to controllers and processors in the United States by U.S. public authorities. In particular, the draft decision assesses whether the conditions under which the U.S. government may access data transferred to the United States fulfill the “essential equivalence” test pursuant to Article 45(1) of the GDPR, as interpreted by the Court of Justice of the European Union (“CJEU”) in Schrems II (see our previous blog post here). …

Continue Reading European Commission Releases Draft Adequacy Decision on the EU-U.S. Data Privacy Framework

European Commission Adopts Final UK Adequacy Decisions

By Paul Maynard, Nicholas Shepherd & Dan Cooper on June 29, 2021

Posted in Brexit, Cross-Border Transfers, Data Privacy, EU Data Protection, European Union, European Union, International, United Kingdom

On June 28, 2021, the European Commission adopted two decisions finding that the UK’s data protection regime provides an “adequate” level of protection for personal data transferred to the UK from the EU. The first decision covers transfers governed by the GDPR, and permits private companies located in the EU to continue to transfer personal data to the UK without the need for additional arrangements (such as the Commission’s new Standard Contractual Clauses (“SCCs”), which we discuss here). The second decision covers transfers under the Data Protection and Law Enforcement Directive, and permits EU law enforcement agencies to continue to transfer personal data to their counterparts in the UK.
Continue Reading European Commission Adopts Final UK Adequacy Decisions

EU-Japan Adopt Mutual Adequacy Decision

By Anna Oberschelp de Meneses on January 24, 2019

Posted in EU Data Protection, European Union, Uncategorized

[Update to previous post from August 17, 2018]

On January 23, 2019, the European Commission and Japan mutually recognized each other’s data protection laws as providing an adequate level of protection of personal data (see European Commission press release here). As a result, nearly all personal data can now flow freely between the EU…

EU and Japan conclude talks on reciprocal adequacy finding

By Anna Oberschelp de Meneses on August 17, 2018

Posted in Cross-Border Transfers, Data Privacy, European Union, International

On July 17, 2018, the European Commission successfully concluded negotiations with Japan on a reciprocal adequacy finding which will allow personal data to flow freely from the EU to Japan (and vice versa).

The adequacy decision has not yet been formally adopted, as it must still undergo the respective EU and Japanese approval procedures, which…

Inside Privacy

adequacy decision

European Commission Adopts Final UK Adequacy Decisions

EU and Japan conclude talks on reciprocal adequacy finding

About this Blog