During its November plenary session on 4 November, the European Data Protection Board (EDPB) adopted a report on the first review of the EU-US Data Privacy Framework (DPF).
The EDPB acknowledged the efforts made to implement the DPF by the EU Commission and US authorities since it was adopted in July 2023. In particular, the Board highlighted the US Department of Commerce certification process for companies. However, despite the establishment of a redress mechanism for EU individuals, the report pointed to a low number of complaints, stressing the need for US authorities to enhance compliance monitoring for certified companies and calling for additional US guidance on compliance requirements for data transferred from the EU on areas such as human resources data.
In addition, the report evaluated US safeguards against public authority access to personal data and urged the Commission to oversee developments concerning the US Foreign Intelligence Surveillance Act. The Board recommended future DPF reviews occur within three years.
The EDPB also adopted a statement outlining its concerns about the recommendations put forward by the High-Level Group on Access to Data for Effective Law Enforcement. The Board stressed that "fundamental rights must be safeguarded when law enforcement agencies access the personal data of individuals."
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 5,750 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.