The invalidation of the Privacy Shield in 2020 complicated the use of solutions published by. Indeed, the latter had to supervise data transfers with new guarantees and had to comply with the decisions of the supervisory authorities that resulted from it, such as the decisions concerning Google Analytics issued by the CNIL in 2022.
The Data Privacy Framework, which came into force in July 2023, simplifies georgia phone number library transfers of personal data from the European Union to the United States, with concrete consequences for the future use of American solutions.
First, data transfers to certified US organizations can now be carried out without specific supervision. However, such transfers to non-certified organizations must always be subject to appropriate safeguards in accordance with Article 46 of the GDPR.
There is still uncertainty about its sustainability and the companies certified. It is therefore important to remain vigilant and maintain the additional measures put in place where necessary.
The legal implications of the data privacy framework
The DPF or Data Privacy Framework is a mechanism that facilitates the transfer ! of personal data from the European Union to organizations based in the United States present on an official list (presentation ! of this new framework here: Data Privacy Framework: what consequences? – Converteo ).
With this new framework, transfers no longer require the implementation of Standard ! Contractual Clauses or other transfer safeguards such as BCRs or Codes of Conduct, as was ! required following the invalidation of the Privacy Shield.
US companies (i.e. Google, Adobe, Meta, Microsoft etc.) wishing to benefit from the DPF ! must demonstrate their compliance with the privacy principles set out in this framework. To do this, they must submit a dossier to mobile list the Department of Commerce (“DoC”) which analyzes their compliance.
Although the DPF facilitates Transfers
These companies are only allowed to receive and process personal data of. Europeans if and only if they are listed in the Data Privacy Framework’s list of certified entities. The current list of swisscom ceo’s newsletter on linkedin: what to think? companies is available
Companies previously certified under the Privacy Shield seeking to obtain. DPF certification must comply with the requirements of the latter by October 10, 2023.