On 10 July 2023, the European Commission (EC) adopted its adequacy decision for the EU-US Data Privacy Framework (DPF). The decision concludes that the United States ensures an adequate level of protection – comparable to that of the European Union – for personal data transferred from the EU to US companies under the new DPF. Personal data can therefore flow freely from the EU to US companies participating in the DPF, without having to put in place additional data protection safeguards. As of today, some 2,500 U.S. businesses have self-certified their adherence to the Data Privacy Framework.
The DPF is an additional mechanism to ensure adequate safeguards when transferring personal data from the EU to the U.S. The use of other mechanisms, such as Standard Contractual Clauses (SCC), remains an option. But what are the main differences between the DPF and SCC? Why would you choose one above the other? What are the advantages of the DPF over SCC and vice versa? Here is a useful table comparing both transfer mechanisms.
Should you have any questions, do not hesitate to contact the authors.
Information Communication Technology
Information Governance & Data Protection
Telecommunications, Media & Technology
Commercial law
Dispute Resolution
Intellectual Property (IP)
bastiaan.bruyndonckx@lydian.be
Intellectual Property (IP)
Life Science
Commercial law
Dispute Resolution
Information Governance & Data Protection
Telecommunications, Media & Technology
olivia.santantonio@lydian.be
Commercial law
Dispute Resolution
Information Communication Technology
Information Governance & Data Protection
Intellectual Property (IP)
Telecommunications, Media & Technology
liese.kuyken@lydian.be
