EU–US Data Privacy Framework

The EU–US Data Privacy Framework is a European Union–United States data transfer framework that was agreed to in 2022 and declared adequate by the <a href="/facts/European_Commission/Cc5JgbEI">European Commission</a> in 2023. Previous such regimes—the <a href="/facts/EU%25E2%2580%2593US_Privacy_Shield/zo9KCszb">EU–US Privacy Shield</a> (2016–2020) and the <a href="/facts/International_Safe_Harbor_Privacy_Principles/x8pGbKXr">International Safe Harbor Privacy Principles</a> (2000–2015)—were declared invalid by the <a href="/facts/European_Court_of_Justice/yhkq7Y7Q">European Court of Justice</a> in part due to concerns that personal data leaving EU borders is subject to sweeping US government surveillance. The EU-US Data Privacy Framework is intended to address these concerns.
After the invalidation of the EU–US Privacy Shield in July 2020, companies wishing to transfer data between the EU and the US "have faced confusion, higher compliance costs, and challenges for EU–US business relationships".
The <a href="/facts/European_Parliament/H9WLUd1r">European Parliament</a> raised substantial doubts whether the new agreement reached by <a href="/facts/Ursula_von_der_Leyen/h0Q8RqDF">Ursula von der Leyen</a> actually conforms with EU laws, as it still does not sufficiently protect EU citizens from US <a href="/facts/Mass_surveillance/GgAEJtso">mass surveillance</a> and fails to enforce basic human digital rights in the EU. In May 2023, a resolution on this matter passed the European Parliament with 306 votes in favor and 27 against. The NGO <a href="/facts/NOYB/XgNDteeF">NOYB (European Center for Digital Rights)</a> has announced that it will challenge the framework again before the <a href="/facts/European_Court_of_Justice/yhkq7Y7Q">European Court of Justice</a>.

EU–US Data Privacy Framework open-in-new

EU–US Data Privacy Framework