Trans-Atlantic Data Privacy Framework
General overview, commentaries and links
- Data will be able to flow between the EU and participating U.S. companies
- Strong obligations for companies processing data transferred from the EU, which
will be required to self-certify their adherence to the Principles through the U.S. Department of Commerce
- A new set of rules and binding safeguards to limit access to data by U.S. intelligence authorities to what is necessary and proportionate to protect national security; U.S.
intelligence agencies will adopt procedures to ensure effective oversight of new privacy and civil liberties standards
- A new two-tier redress system to investigate and resolve complaints of Europeans on
access of data by U.S. Intelligence authorities, which includes a Data Protection Review Court
- Specific monitoring and review mechanisms
- The agreement in principle will now be translated into legal documents.
- Legal documents are still to be drafted and adopted on the US and EU sides.
- The U.S. commitments will be included in an Executive Order.
- This Executive Order will form the basis of the EU Commission's assessment in its future adequacy decision.
- The (future) adequacy decision by the EU Commission would then put in place the new Trans-Atlantic Data Privacy Framework.
Important primary sources
- EU Commission on TADPF (or TDPF)
- Whitehouse Fact Sheet on TADPF (or TDPF)
- NOYB on TADPF (or TDPF)
Commentaries and articles
- Twitter thread by Dr. Gabriela Zanfir-Fortuna
- Article: Beyond Schrems II: What Happens After EU and US Officials Conclude Negotiations for Privacy Shield 2.0
- Please send me suggestions!
Discussion and mailing list
Personal view (no legal advice/view)
- No legal documents yet..
- No timelines..
- No proper acronym yet. - T-ADPF? TADPF? TDPF?
- Transfers would be based on a (future! pending!) adequacy decision
- What does this mean for onward transfers?
- Apparently unrelated to the new Standard Contractual Clauses templates (and need to adopt them until end of 2022)
- Why is the FBI not mentioned in the announcements/fact sheets?
- Would the future changes be significant enough to no longer require (based on a [updated] Transfer Impact Assessment) Supplementary Mesaures to be in place when processing under Standard Contractual Clauses in the USA?
Disclaimer/Data Protection Notice
- I'm running this web site to provide you a reasonable personal intro to the Trans-Atlantic Data Privacy Framework. - I'm not a lawyer. None of the information should be seen as legal advice. Please consult with your legal counsel and check the primary sources.
- Personal data processed: Not much really. Just what your browser sends me, i.e. URL request with date/time, browser detsils, your IP address, the referring URL.
- External recipients, cookies, trackers or similar technologies: None. (My site also tells your browser not to tell linked sites that you came from here).
- Data retention: This web site keeps the web server logs for less than 90 days.
- I might update this notice from time to time, so please come back to check it for changes.
- This is a private web site hosted in Switzerland. Local laws apply. (We are principle based.)
- Contact: info (at) privacydesign.ch
- Data subject rights: I have no legal means reasonably likely to identify you - nor to confirm your identity. So I wouldn't know a request came from you. - But you can contact me under the given contact.