ACT | The App Association welcomes the European Commission’s adoption of an adequacy decision for the EU-U.S. Data Privacy Framework, which President Biden and European Commission President von der Leyen announced in March 2022. This new framework will play a crucial role in ensuring the continued protection of data and restoring seamless data flows between the two regions.
As we’ve written numerous times, and explored in-depth in an expert roundtable and accompanying report, Privacy Shield served as a vital transfer mechanism for small and medium-sized businesses that wished to comply with the General Data Protection Regulation (GDPR) but did not possess the resources or sophisticated legal departments needed to draft and administer standard contractual clauses, binding corporate rules, or other more complicated transfer mechanisms that many businesses were forced to rely on in the absence of Privacy Shield. With the new EU-U.S. Data Privacy Framework in place, small businesses will once again be able to self-certify their participation in the framework and their commitment to privacy, and, in some cases, resume the data transfers that were paused in the interim.
The Commission’s conclusion that the United States ensures an adequate level of protection—comparable to that of the European Union—for personal data transferred from the EU to U.S. companies under the new framework is an important step to provide trust to citizens that their data is safe and to deepen the $7 trillion-dollar U.S.-EU economic relationship while enabling businesses on both sides of the Atlantic to compete in each other’s markets.