On Wednesday, 9 October 2024, the European Commission published its first periodic review of the EU-US Data Privacy Framework (DPF), following the call for feedback in August 2024.
The review highlighted that SMEs make up the majority of participants in the DPF (70%), with almost half (47%) operating in the ICT sector.
In addition, the review noted that the US Department of Commerce (DoC) rejected 33 applications as they did not satisfy the DPF requirements criteria. While the DoC has not yet detected any compliance issues, it has only conducted ad-hoc checks. The DoC plans to conduct automated compliance checks in the coming year. The review also revealed that only a small number of complaints had been lodged by individuals related to DPF non-compliance. Moving forward, the review highlighted the need for further guidance and clarification in cooperation with the European Data Protection Board (EDPB) on various aspects, such as HR data transferred under the DPF and any obligations that relate to it.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 5,750 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.