Strengthening Transatlantic Ties | New Data Transfer Agreement Between EU and US
Learn about the transatlantic data-transfer agreement between the EU and the U.S., addressing concerns raised by previous pacts. Discover the enhanced privacy measures and safeguards, as well as the potential legal challenges ahead. Find out how this agreement benefits companies and individuals on both sides of the Atlantic while complying with EU privacy law.
A new transatlantic data-transfer agreement between the European Union (EU) and the United States has been approved in a third attempt, following assurances from U.S. President Joe Biden about protecting EU citizens' data from potential access by American security agencies. However, EU Justice Commissioner Didier Reynders anticipates legal challenges similar to the ones faced by its two predecessors.
EU Commission President Ursula von der Leyen stated that this adequacy decision facilitates data transfer between thousands of companies on both sides of the Atlantic while complying with EU privacy law. The decision follows lengthy negotiations and an executive order from President Biden, promising to safeguard EU citizens’ data transferred to the US.
The agreement marks a significant advancement in the ongoing issue that left numerous companies, including Meta Platforms Inc., in legal uncertainty following the 2020 annulment of the previous Privacy Shield pact by the EU's top court. This annulment threatened to disrupt significant data exchanges necessary for various business activities, from sales and marketing to payroll processing.
The newly approved EU-U.S. Data Privacy Framework addresses concerns previously raised by the European Court of Justice. It introduces several measures, such as limiting access to EU data by US intelligence services to what is deemed necessary and proportionate. The framework also establishes a Data Protection Review Court (DPRC), accessible to EU individuals.
Notably, if the DPRC determines that data has been collected violating the new safeguards, it can order the data's deletion. This comprehensive approach, coupled with additional obligations for US companies importing data from the EU, represents significant improvements over the old Privacy Shield mechanism.
Under the new framework, US companies can participate by committing to a detailed set of privacy obligations. For example, companies must delete personal data when no longer necessary and ensure continued protection when personal data is shared with third parties.
The new framework provides several recourse avenues for EU individuals if US companies mishandle their data. These include free independent dispute resolution mechanisms and an arbitration panel. The safeguards also limit data access by US public authorities, particularly for criminal law enforcement and national security purposes, to what is necessary and proportionate.
Privacy advocate Max Schrems, who initiated the legal battles that resulted in the cancellation of prior EU data transfer pacts, is ready to challenge this most recent agreement. Schrems has expressed concerns about the recurring pattern of these agreements, speculating that the current one could meet a similar end.
The US has set up an independent and impartial redress mechanism, including the Data Protection Review Court (DPRC), to address complaints from EU individuals regarding their data's collection and use by US intelligence agencies.
The functioning of the EU-U.S. Data Privacy Framework will be subject to periodic reviews, with the first review expected within a year of the adequacy decision's enforcement. These reviews will be carried out by the European Commission, together with representatives of European data protection authorities and competent US authorities.
Get Started For Free with the
#1 Cookie Consent Platform.
No credit card required

Client Reporting Privacy Compliance: Comprehensive Solutions for Agencies and Service Providers
You're losing client trust — and potential revenue — every time you scramble to answer basic questions about privacy compliance.
- Legal & News
- Integrations

HIPAA Privacy Policy: Essential Website Compliance for Healthcare Organizations
Your healthcare website could be violating federal law right now — and you might not even know it. If your site collects patient information through contact forms, operates patient portals, or processes any health-related data, your HIPAA privacy policy isn't just a legal formality, it's your first line of defense against costly violations and patient trust breaches.
- Legal & News
- USA

What Is Cookie Compliance? A Plain English Guide for Website Owners
Your website uses cookies to track visitors, remember their preferences, and analyze behavior. But did you know those innocent-looking cookies come with serious legal obligations? Most website owners discover this the hard way when they receive compliance warnings or face potential fines.
- Legal & News
- Data Protection
- Cookie Consent
- Cookie banner