The EU-US Data Privacy Framework: A new era for data transfers?

Legally, until an adequacy determination is granted, companies should continue to follow the European Data Protection Board’s recommendations on measures that supplement transfer tools. But, once the EU is named as a “qualifying state” (assuming it will be) and complaints can be summited, this should become less daunting. The EDPB recommendations state that companies must “assess if there is anything in the law or practice of the third country that may impinge on the effectiveness of the appropriate safeguards of the transfer tools you are relying on, in the context of your specific transfer.”

Hogan Lovells advises to "Monitor how European data protection authorities react and position themselves on the EO until an adequacy decision is adopted. In ongoing enforcement proceedings regarding data transfers to the U.S., data protection authorities would need to consider the new EO when assessing the lawfulness of the transfer."

The Baden-Württemberg's SA assesses in the Frankfurter Allgemeine that the US President's decree on data protection is not enough and that companies will have to wait even longer for a viable solution for their transatlantic data traffic.