5 pillars of drop shipping contracts: Creating security in a fast-growth model
Drop shipping is growing fast. Find out how the right contracts can protect your margins, brand and legal position.
Read More
The European Union (EU) and United States (US) have recently reached a decision regarding data adequacy.
Commercial & Data Protection|03 August 2023
Insight
The EU announced on 10 July 2023, that the personal data protections in the US are considered adequate and comparable to those in the EU, subject to certain conditions.
Adequacy refers to countries, territories, sectors, or international organisations that provide a level of protection to personal data that is essentially equivalent to the safeguards offered by the EU.
When a state has an adequacy decision, personal data can be freely transferred to and from that location and the EU without the need for additional safeguards, such as adopting EU Contractual Clauses (SCCs), the Addendum to the SCCs, and Data Transfer Impact Assessments.
For more detailed information on data adequacy and additional safeguards, please refer to our article titled “The new international data transfer laws”.
With this new adequacy decision, EU-based businesses will be able to transfer personal data to the US without restrictions, provided that the recipient company is a member of the Data Privacy Framework (DPF). Companies are enrolled in the DPF if they commit to and comply with specific privacy obligations. However, certain entities such as banks, insurers, and telecommunications companies cannot join the DPF, necessitating the use of additional safeguards.
This decision marks a significant development in data sharing between the EU and the US, which has faced challenges since the abolition of the Data Privacy Shield. Recently, Ireland’s Data Protection Commission imposed a €1.2b fine on Meta for transferring Facebook users’ data to the US. More information on this can be found in our article titled “Meta given €1.2b fine for breach of the GDPR.”
The adequacy decision is already in effect, enabling EU companies to transfer personal data to DPF-registered and certified US companies. However, Austrian activist Max Schrems is expected to challenge the decision.
Schrems previously brought the Schrems II case before the Court of Justice of the European Union, leading to increased protections for data transfers to countries without adequacy decisions. He argues that the DPF does not offer significantly different or enhanced protections compared to the previous Privacy Shield. Schrems specifically highlights concerns about US surveillance powers over non-US nationals under section 702 of the US Foreign Intelligence Surveillance Act.
Currently, UK businesses cannot rely on this adequacy decision. However, as mentioned in our article titled “UPDATE: The UK & US commit to the free flow of personal data between the two countries | Flint Bishop,” the UK is likely to establish an agreement in the near future to facilitate the free flow of data with the US.
Contact Us
If your company has operations based in the EU and you transfer data to the US, or if you would like any other data protection advice, please contact Haroon Younis, Partner & Head of Commercial, on 01332 226 466 or fill in the form below.
Related Services
Knowledge
Drop shipping is growing fast. Find out how the right contracts can protect your margins, brand and legal position.
Read MoreLearn about fiduciary duties, commission disclosure, and legal compliance after the Expert Tooling v Engie ruling.
Read MoreLearn how Rukhadze v Recovery Partners reinforces strict fiduciary duties and what it means for your business and governance.
Read MoreThe ICO and CMA's joint statement outlines new AI in finance regulations, focusing on data protection, competition, and consumer safeguards.
Read MoreA decade of progress – but the fight against modern slavery isn’t over, we highlight how businesses can meet stricter transparency rules.
Read MoreNavigate AI regulations in financial services. Key insights from the FCA & ICO on compliance, data protection, and innovation.
Read MoreExplore how to create an AI usage policy that mitigates risks and ensures responsible adoption for your business.
Read MoreEffective data safety and optimisation are key to business success, reducing risks and improving efficiency in a digital world.
Read MoreLandmark EU court ruling awards damages for unlawful data transfer. Learn what this means for GDPR compliance and safeguarding your business.
Read MoreProtect your SME from data breaches. Discover key tips for GDPR compliance and data security during Data Protection Week.
Read MoreBoost profitability with well-negotiated commercial contracts—learn essential terms to protect and grow your business.
Read MoreDiscover the key changes introduced by the Data (Use and Access) Bill and how organisations must adapt to meet compliance requirements.
Read MoreScroll to next section
Scroll back to the top
On Monday 29 September, Flint Bishop successfully completed the acquisition of the entire business of Lupton Fawcett LLP. You have been forwarded to the page most relevant to your visit.
Please feel free to explore our website and learn more about our legal services and professionals, including those who have recently joined us from Lupton Fawcett.