Search for:

United States: The EU – US data privacy framework and the impact on companies in the European Economic Area and USA compared to other international data transfer mechanisms

By 1 Min Read

In brief

Third time’s a charm? Companies in the European Economic Area (EEA), Switzerland, and the UK (EEA+) are considering the pros and cons of the third attempt of the EU Commission and US government to establish interoperability between their data protection and privacy law systems after the demise of the US Safe Harbor Program and the EU–US Privacy Shield. Should US companies register? Are the efforts worth the potential benefits, given that the new programme has already been challenged and may be invalidated like previous programmes for reasons that businesses cannot control? Should companies that were already enrolled in the previous programmes accept automatic enrolment or leave the programme? Can and should companies in the EEA+ rely on EU–US Data Privacy Framework (DPF) registration for international transfers? Or insist on registration in addition to standard contractual clauses (EU SCC 2021) or other compliance mechanisms? Are data transfer impact assessments (DTIAs) still required for transfers to the US? Should they be updated?

Read the full article here

*Copyright Henry Stewart Publications reproduced with permission: Volume 6 (2023-24) | Henry Stewart Publications

Categories:
Author

Lothar Determann has been helping companies in Silicon Valley and around the world take products, business models, intellectual property and contracts global for nearly 20 years. He advises on data privacy law compliance, information technology commercialization, interactive entertainment, media, copyrights, open source licensing, electronic commerce, technology transactions, sourcing and international distribution at Baker McKenzie in San Francisco & Palo Alto. He is a member of the Firm's International/Commercial Practice Group and the TMT and Healthcare industry groups.

Author

Dr. Michaela Nebel is a partner in the Frankfurt office of Baker McKenzie. Prior to joining Baker McKenzie she studied law at the University of Passau. She obtained her Doctor of Law degree on a topic related to privacy in the Web 2.0. From July until December 2014 she practiced at the San Francisco office of Baker McKenzie. She is a member of the International Association of Privacy Professionals (IAPP), since May 2015 a Certified Information Privacy Professional/Europe (CIPP/E) and since May 2017 a Certified Information Privacy Professional/United States (CIPP/US). She is also the author of numerous articles on information technology law, in particular on data protection law and e-commerce law, and the co-author of an English language commentary on the EU General Data Protection Regulation.

Author

Prof. Dr. Michael Schmidl is co-head of the German Information Technology Group and is based in Baker McKenzie's Munich office. He is an honorary professor at the University of Augsburg and specialist lawyer for information technology law (Fachanwalt für IT-Recht). He advises in all areas of contentious and non-contentious information technology law, including internet, computer/software, data privacy and media law. Michael also has a general commercial law background and has profound experience in the drafting and negotiation of outsourcing contracts and in carrying out compliance projects.

Related Posts