Careers

Experiences

Industries

Offices

Our Firm

Pages

Our People

Updates

Practices

Warner Norcross + Judd LLP is a corporate law firm with over 230 attorneys serving clients in nine offices throughout Michigan. Among the largest law firms in Michigan, Warner works in virtually all areas of business law.

Michigan Law Firm - Warner Norcross + Judd LLP

On Monday, the European Commission formally adopted the long-awaited adequacy decision on the EU-U.S. Data Privacy Framework (DPF). This decision concludes that the United States ensures an adequate level of protection, comparable to that of the European Union, meaning personal data can be freely transferred from the EU to U.S. companies participating in the DPF without putting in place additional data protection safeguards like Standard Contractual Clauses.

contentpilot/introduction

While this is welcome news to many, challenges to the adequacy decision are expected, and there is a real risk that the DPF may be invalidated like its predecessors the Safe Harbor and Privacy Shield. Thus, companies are left to decide whether they want to certify to the new DPF in light of the European Commission’s decision or continue to rely on existing transfer mechanisms like the Standard Contractual Clauses or Binding Corporate Rules.

core/paragraph

There are advantages to certifying to the DPF, particularly for those companies receiving large volumes of EU personal data. The DPF simplifies GDPR compliance by creating a smoother contracting process and removing the need to conduct data transfer impact assessments or implement supplemental security measures. Additionally, organizations that have already certified to the Privacy Shield are expected to easily transition to the DPF, though exact details of the process are not yet final. However, for those organizations that have not certified to the Privacy Shield, the effort required to gather the necessary information and implement a compliance program can be daunting, and the uncertain fate of the DPF may make the initial effort needed to self-certify less appealing. Moreover, organizations transferring data to third countries not subject to adequacy decisions will still need to rely on Standard Contractual Clauses, and the DPF is not applicable in the UK, although an extension of the DPF to UK personal data is expected soon.

For questions about whether your organization should consider self-certification to the DPF, or for assistance with GDPR compliance generally, please contact Kelly Hollingsworth or any other member of the Cybersecurity and Privacy Practice Group at Warner Norcross + Judd.

Partner

Kelly R. Hollingsworth

Cybersecurity and Privacy

European  Commission Adopts EU-U.S. Data Privacy Framework

Warner Norcross + Judd LLP is responsible for the contents of our advertising and this website. Please read our full <a href="/privacy-policy/" aria-label="see privacy policy">privacy policy</a> available on our website. If you have any questions or comments about our website or our Privacy Policy please contact us at <a href="mailto:info@wnj.com">info@wnj.com</a> or 616.752.2000. 

European Commission Adopts EU-U.S. Data Privacy Framework

professionals