US implements privacy framework for EU data exchange, final agreement expected mid-July
After months of cross-Atlantic negotiations, the U.S. announced it has fulfilled its commitments for implementing the EU-US Data Privacy Framework, a mechanism designed to safely transfer European Union citizens’ personal data to the United States, including biometric data.
The announcement was made on Monday by U.S. Secretary of Commerce Gina Raimondo. The European Commission is expected to finalize the painstakingly negotiated data transfer pact in mid-July.
This is the third time that the two sides have attempted to reach a deal on data. The newest Data Privacy Framework was announced in March 2022, after Europe’s top court scrapped two previous frameworks due to concerns about U.S. spy agencies accessing Europeans’ private data. The third iteration of the deal has also hit obstacles with the issue of redress for European citizens becoming the center of a privacy battle between the two trade partners.
In the new statement, the U.S. government confirms that EU, Iceland, Liechtenstein and Norway qualify for a redress mechanism, established under Executive Order 14086 in late 2022, which allows citizens to sue U.S. spy agencies if they suspect they are breaking U.S. laws.
European Parliament adopted a resolution in May positioned against the data flow deal. The resolution argued that U.S. spy agencies’ powers are still too broad and that European citizens will not be able to appeal or claim damages as U.S. authorities can keep their decisions secret.
Despite these hurdles, the European Commission said it is currently finalizing the framework and reiterated that it expects it to be in place this summer, according to a recent Reuters report.
Companies will be required to adopt new requirements which include deleting personal data when no longer necessary for the purpose for which it was originally collected. Biometric data will be part of a special category of sensitive personal data and will have to be treated as such by certified organizations, according to the draft legislation.
Related Posts
Article Topics
biometric data | data privacy | data protection | data sharing | Europe | United States
Comments