In July 2023, the European Commission adopted an adequacy decision for the EU-US Data Privacy Framework (DPF), as we previously reported. This permitted the free flow of personal data from the EU to DPF participating companies in the U.S.
There are a number of items that U.S. companies must perform to become DPF certified as outlined in our article here. On October 9, 2024, the European Commission issued a review of the adequacy decision of the EU-US DPF to the European Parliament and Council of Europe after its first year in force. Amongst other things, the European Commission noted that:
- More than 2,800 U.S. companies are DPF certified, in contrast to 2,400 companies under the previous EU-US Privacy Shield regime;
- The Department of Commerce has rejected 33 organizations from seeking to join the DPF;
- 70% of the DPF participants are SMEs and a large number of DPF companies (47%) are in the information, communications and technology sectors;
- 60% of DPF participants are certified exclusively for non-HR data, 2.5% of DPF participants are certified exclusively for HR data and 37.5% of DPF participants are certified for both HR and non-HR data;
- Of the 87 complaints that were made to the BBB National Programs from EU data subjects, only two were eligible for redress; and
- To date, no EU member state's Data Protection Authority has received an EU data subject's complaint for redress.
/Passle/5fb3c068e5416a1144288bf8/SearchServiceImages/2024-06-06-20-49-24-893-666220d4737578f741492c8c.jpg)
/Passle/5fb3c068e5416a1144288bf8/MediaLibrary/Images/2024-11-19-05-41-28-254-673c25083578d9951b112697.jpg)
/Passle/5fb3c068e5416a1144288bf8/SearchServiceImages/2024-11-19-15-58-56-874-673cb5c09e69c3dc65f4c514.jpg)
/Passle/5fb3c068e5416a1144288bf8/SearchServiceImages/2024-11-13-04-20-53-319-67342925635b40298fc99a90.jpg)
/Passle/5fb3c068e5416a1144288bf8/SearchServiceImages/2024-11-12-15-30-16-132-67337488b95e96d83645a122.jpg)