Menu

Filter by
content
PONT Data&Privacy
  • PONT home
    • mill

    0

    European cooperation and privacy regulators
    De verwerking van persoonsgegevens stopt niet bij de grens. Om het recht op de bescherming van persoonsgegevens te bewaken, werkt de Nederlandse privacytoezichthouder Autoriteit Persoonsgegevens (AP) binnen de Europese Unie (EU) intensief samen met verschillende Europese partners.

    EDPB opinion on new EU-US Data Privacy Framework

    The European Data Protection Board (EDPB) has issued its opinion on the new EU-US Data Privacy Framework (DPF) for transfers of personal data to the United States (US). According to the EDPB, the DPF is much better than its predecessor, but there are also caveats.

    Personal Data Authority March 3, 2023

    News press release

    News press release

    The EDPB consists of all European privacy regulators, including the Personal Data Authority.

    EU-US Data Privacy Framework

    On March 25, 2022, the European Commission (EC) and the US reached an agreement on the DPF to replace the Privacy Shield. Indeed, the latter had been declared declared invalid.

    The DPF regulates the protection of personal data in data flows between the European Union (EU) and the US. And should eliminate the shortcomings the European Court found in the Privacy Shield.

    To that end, the US has also made legislative changes. For example, US intelligence agencies are still allowed to access personal data of EU residents only when strictly necessary.

    What does the EDPB think?

    The EDPB writes in the opinion that the DPF is a significant improvement over the former Privacy Shield. But there are also caveats:

    • It is not clear enough what happens to personal data shared with companies in the U.S. and then transferred to companies in countries outside the EU.

    • People whose data has been transferred to the U.S. may have more options to exercise their rights, but it is still unclear how this works in practice.

    • There are questions about what safeguards are in place for the bulk collection of EU residents' data (such as by a "dragnet"). Moreover, oversight of this seems to be only after the fact.

    How to move forward?

    The EC has prepared a draft adequacy decision on the DPF. With such a decision, the EC establishes that a country outside the EU provides an adequate level of protection for the transfer of personal data from the EU.

    This adequacy decision is not yet fixed. Following the opinion of the EDPB, there still needs to be an agreement from the representatives of all EU member states and there may still be input from the European Parliament. In addition, there are some other conditions, including certain guarantees from the US.

    Until the EC has actually made the adequacy decision, organizations that want to transfer personal data to the U.S. still need to implement additional safeguards.

    Share article

    Comments

    MORE REACTIONS

    Leave a comment

    You must be logged in to post a comment.

    NEWS

    How does the AVG relate to AI applications? EDPB Opinion 28/2024 at a glance.

    Blog

    EDPB makes it easier for organizations to comply with the AVG

    News press release

    Regulators at the helm to curb online ad auctions

    News

    EDPB publishes guidelines on blockchain

    News press release

    The European Data Protection Board (EDPB) has adopted new guidelines for the use of blockchain technology. In the guidelines, organizations can see how they can manage personal data...

    Irish regulator DPC loses lawsuit against EDPB - Meta data practice under the microscope

    Blog
    Lesley Broos

    Erroneous cookie banners updated after AP intervention

    News press release

    EDPS strengthens enforcement of privacy rights: focus on right to be forgotten

    News press release

    Proposal AP oversight cookies

    News press release

    Geopolitical tensions and cyber risks threaten financial stability, warn European regulators

    News press release
    European Insurance and Occupational Pensions Authority

    Current affairs AVG and Privacy law

    Using case law, opinions and decisions of the AP and opinions and guidelines of the EDPB, get a complete and clear picture of how further interpretation is given to the mostly open standards in the AVG and UAVG.

    Learn more

    Privacy laws and regulations in employment law

    View book

    Inspection and deletion requests

    Individuals are increasingly invoking their privacy rights. For example, they ask for a copy of their data or, on the contrary, demand that the organization erase all their data. This raises complex questions. It is a challenge for many organizations: how can they fulfill all these requests efficiently but also properly? On the one hand, privacy compliance is important; on the other hand, you do not want to disadvantage your own position of proof in any future proceedings. A tricky matter with many pitfalls. This course gives you the tools to handle privacy requests efficiently and compliantly. The instructor uses many practical examples and concrete cases are worked out together so that your practical questions are directly addressed.

    Learn more

    Expert membership

    Expert membership

    Benefit now

    Join PONT | Data & Privacy

  • Access to Knowledge Base
  • Read e-books
  • Contact with peers
  • Own news overview
    • BECOME A MEMBER

    General

    Service

    Navigate

    Berghauser Pont Media Group

    CONTACT

    𝕏

    Copyright 2025 Berghauser Pont | Website created by Buro Zero