by Dr. Martin Braun, Kirk J. Nahra, Frédéric Louis, Benjamin A. Powell, Anne Vallery, Itsiq Benizri, Valentino Halim, Ali A. Jessani, and Shannon Togawa Mercer
Top left to right: Dr. Martin Braun, Kirk J. Nahra, Frédéric Louis, Benjamin A. Powell, and Anne Vallery.
Bottom left to right: Itsiq Benizri, Valentino Halim, Ali A. Jessani, and Shannon Togawa Mercer.
(Photos courtesy of Wilmer Cutler Pickering Hale and Dorr LLP)
On July 10, 2023, the European Commission adopted its long-awaited adequacy decision for the EU-U.S. Data Privacy Framework (“Adequacy Decision”). This ends a three-year journey to set up a successor to the EU-U.S. Privacy Shield mechanism, which the Court of Justice of the European Union (“CJEU”) deemed invalid on July 16, 2020. U.S. President Joe Biden welcomed the Adequacy Decision, stating that it “will provide greater data privacy protections and economic opportunities.”
The Adequacy Decision concludes that the U.S. provides for an adequate level of protection under the EU’s General Data Protection Regulation (“GDPR”) when personal data of individuals in the European Economic Area (“EEA”) is transferred to U.S. companies certified under the new EU-U.S. Data Privacy Framework.
