In July 2023, the European Commission adopted an adequacy decision for the EU-US Data Privacy Framework (DPF), as we previously reported. This permitted the free flow of personal data from the EU to DPF participating companies in the U.S.
There are a number of items that U.S. companies must perform to become DPF certified as outlined in our article here. On October 9, 2024, the European Commission issued a review of the adequacy decision of the EU-US DPF to the European Parliament and Council of Europe after its first year in force. Amongst other things, the European Commission noted that:
- More than 2,800 U.S. companies are DPF certified, in contrast to 2,400 companies under the previous EU-US Privacy Shield regime;
- The Department of Commerce has rejected 33 organizations from seeking to join the DPF;
- 70% of the DPF participants are SMEs and a large number of DPF companies (47%) are in the information, communications and technology sectors;
- 60% of DPF participants are certified exclusively for non-HR data, 2.5% of DPF participants are certified exclusively for HR data and 37.5% of DPF participants are certified for both HR and non-HR data;
- Of the 87 complaints that were made to the BBB National Programs from EU data subjects, only two were eligible for redress; and
- To date, no EU member state's Data Protection Authority has received an EU data subject's complaint for redress.
/Passle/5fb3c068e5416a1144288bf8/SearchServiceImages/2024-06-06-20-49-24-893-666220d4737578f741492c8c.jpg)
/Passle/5fb3c068e5416a1144288bf8/SearchServiceImages/2024-10-22-19-46-42-611-67180122734716aefbd8af1b.jpg)
/Passle/5fb3c068e5416a1144288bf8/SearchServiceImages/2024-10-22-19-00-04-061-6717f6344520c28b1fbcdb5a.jpg)
/Passle/5fb3c068e5416a1144288bf8/SearchServiceImages/2024-10-18-12-58-09-747-67125b614175dcafbf202ea5.jpg)
/Passle/5fb3c068e5416a1144288bf8/SearchServiceImages/2024-10-10-11-56-39-027-6707c0f7f5596733f8621cb0.jpg)