The European Commission published, on 13 December 2022, its draft adequacy decision for the EU-US Data Privacy Framework¹ ('EU-US DPF'), aimed at fostering safe data flows and addressing concerns raised by the Court of Justice of the European Union's ('CJEU') judgment in Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems (C-311/18) ('the Schrems II Case'). OneTrust DataGuidance provides an overview of the draft decision including its impact on companies moving forward, with expert comments from Odia Kagan, Partner and Chair of GDPR Compliance & International Privacy at Fox Rothschild LLP, David Dumont, Partner at Hunton Andrews Kurth, and Mark Francis, Partner at Holland & Knight LLP.

Since the invalidation of the EU-US Privacy Shield following the Schrems II Case, organisations have been required to find alternative mechanisms for personal data being transferred from the EU to the US in order to ensure an essentially equivalent level of protection is provided. However, following several months of negotiation, on 7 October 2022, the President Joe Biden, signed the Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities¹ ('EO')  which outlines how the US plans to implement its commitments under the European Union-US Data Privacy Framework ('EU-US DPF'). This constitutes a significant next step towards reinstating an adequacy decision from the European Commission, which would facilitate the transatlantic flow of personal data between the two regions.

Whilst reactions and questions surrounding the protections provided by the EO arise, OneTrust DataGuidance provides an outline of the main provisions of the EO, with comments provided by David Dumont, Partner at Hunton Andrews Kurth, and Odia Kagan, Partner and Chair of GDPR Compliance & International Privacy at Fox Rothschild LLP.