This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Asset 3
  • About
  • People
  • Capabilities
  • Insights
  • Careers
  • Public Interest
  • Inclusion
  • Contact us
    Contact us
  • Locations
    Locations
  • Search
    Search
  • About
    • About
    • Message From the CEO
    • Firm History
    • Alumni
    • Alumni
    • In Memoriam
  • People
  • Capabilities
    • Practices
    • Industries
    • Global Reach: The Law Firm Network
    • Bankruptcy & Restructuring
    • Brand & Reputation Management
    • Intellectual Property
    • Litigation & Dispute Resolution
    • Special Situations, Distressed Debt and Debt Trading
    • Transactions
    • Tax
    • White Collar Defense, Investigations & Compliance
    • Energy & Environmental
    • Entertainment & Media
    • Investment Management 
    • Life Sciences
    • Technology
    • Real Estate
    • Bankruptcy & Restructuring
    • Bankruptcy Litigation
    • Mass Torts Bankruptcy
    • Intellectual Property
    • Intellectual Property Litigation
    • Patents
    • Trademark, Copyright & Advertising
    • Patent Trial and Appeals Board (PTAB)
    • Litigation & Dispute Resolution
    • Civil Fraud Litigation
    • Employment Practices and Litigation
    • Government Contracts Litigation
    • Intellectual Property Litigation
    • Insurance Recovery
    • Litigation Funding
    • M&A and Private Equity Litigation
    • Real Estate Litigation
    • Patent Trial and Appeals Board (PTAB)
    • UK Tax Controversy & Litigation
    • Special Situations, Distressed Debt and Debt Trading
    • Distressed Debt & Claims Trading
    • Litigation Funding
    • Finance
    • Real Estate Special Situations
    • Transactions
    • Capital Markets
    • Cross-Border Transactions
    • Emerging Growth Companies & Venture Capital
    • Employment
    • Finance
    • Franchising
    • Mergers & Acquisitions
    • Tax
    • White Collar Defense, Investigations & Compliance
    • Economic Sanctions & Export Controls
    • Energy & Environmental
    • Energy
    • Energy Transition
    • Environmental
    • Entertainment & Media
    • Brand & Reputation Management
    • Intellectual Property
    • Sports
    • Investment Management
    • Fund Formation
    • Private Equity Transactions
    • Distressed Debt
    • Emerging Growth Companies & Venture Capital
    • Family-Owned & Closely Held Businesses
    • Private Equity Litigation
    • Life Sciences
    • BR BioAdvisory Services
    • Technology
    • Artificial Intelligence
    • Cybersecurity & Data Privacy
    • Digital Commerce
    • Fintech
    • Real Estate
    • Hospitality & Leisure
    • Distressed Real Estate
    • Real Estate Special Situations
    • Real Estate Litigation
    • Wireless Network Infrastructure
  • Insights
    • Client News
    • Firm News
    • Briefings
    • Events
  • Careers
    • Experienced Lawyers
    • U.S. Law Students
    • London Trainee Program
    • Business Professionals
    • Professional Development
  • Public Interest
    • Brown Rudnick Charitable Foundation
    • Pro Bono & Community Service
  • Inclusion
    • Inclusion
    • Women in Business Series
  • Contact Us
  • Location
  • Search
  • About
    • About
    • Message From the CEO
    • Firm History
    • Alumni
    • Alumni
    • In Memoriam
  • People
  • Capabilities
    • Practices
    • Industries
    • Global Reach: The Law Firm Network
    • Bankruptcy & Restructuring
    • Brand & Reputation Management
    • Intellectual Property
    • Litigation & Dispute Resolution
    • Special Situations, Distressed Debt and Debt Trading
    • Transactions
    • Tax
    • White Collar Defense, Investigations & Compliance
    • Energy & Environmental
    • Entertainment & Media
    • Investment Management 
    • Life Sciences
    • Technology
    • Real Estate
    • Bankruptcy & Restructuring
    • Bankruptcy Litigation
    • Mass Torts Bankruptcy
    • Intellectual Property
    • Intellectual Property Litigation
    • Patents
    • Trademark, Copyright & Advertising
    • Patent Trial and Appeals Board (PTAB)
    • Litigation & Dispute Resolution
    • Civil Fraud Litigation
    • Employment Practices and Litigation
    • Government Contracts Litigation
    • Intellectual Property Litigation
    • Insurance Recovery
    • Litigation Funding
    • M&A and Private Equity Litigation
    • Real Estate Litigation
    • Patent Trial and Appeals Board (PTAB)
    • UK Tax Controversy & Litigation
    • Special Situations, Distressed Debt and Debt Trading
    • Distressed Debt & Claims Trading
    • Litigation Funding
    • Finance
    • Real Estate Special Situations
    • Transactions
    • Capital Markets
    • Cross-Border Transactions
    • Emerging Growth Companies & Venture Capital
    • Employment
    • Finance
    • Franchising
    • Mergers & Acquisitions
    • Tax
    • White Collar Defense, Investigations & Compliance
    • Economic Sanctions & Export Controls
    • Energy & Environmental
    • Energy
    • Energy Transition
    • Environmental
    • Entertainment & Media
    • Brand & Reputation Management
    • Intellectual Property
    • Sports
    • Investment Management
    • Fund Formation
    • Private Equity Transactions
    • Distressed Debt
    • Emerging Growth Companies & Venture Capital
    • Family-Owned & Closely Held Businesses
    • Private Equity Litigation
    • Life Sciences
    • BR BioAdvisory Services
    • Technology
    • Artificial Intelligence
    • Cybersecurity & Data Privacy
    • Digital Commerce
    • Fintech
    • Real Estate
    • Hospitality & Leisure
    • Distressed Real Estate
    • Real Estate Special Situations
    • Real Estate Litigation
    • Wireless Network Infrastructure
  • Insights
    • Client News
    • Firm News
    • Briefings
    • Events
  • Careers
    • Experienced Lawyers
    • U.S. Law Students
    • London Trainee Program
    • Business Professionals
    • Professional Development
  • Public Interest
    • Brown Rudnick Charitable Foundation
    • Pro Bono & Community Service
  • Inclusion
    • Inclusion
    • Women in Business Series

Search People

Search by last name

A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z

see all people

Asset 3
  • LinkedIn
  • X (formerly known as Twitter)
  • Instagram
  • YouTube
  • Contact Us
  • Terms of Use
  • Privacy
  • Sitemap
  • LinkedIn
  • X (formerly known as Twitter)
  • Instagram
  • YouTube

© 2024 Brown Rudnick LLP. Attorney advertising.

All Rights Reserved.

All Posts Subscribe
print-logo
7/10/2023 6:01:08 PM | 2 minute read

Good Grief: Will the EU-US Data Privacy Framework Adequacy Decision Stick?

3
15

Get in touch

Avatar
Matthew Richardson
Partner

Get in touch

Avatar
Matthew Richardson
Partner
3
15

It has finally happened. After many months of speculation and nervous waiting, on July 10, the European Commission released its adequacy decision on the EU-U.S. Data Privacy Framework. The framework is the third iteration by the U.S. and EU governments to streamline data sharing between the two world powers.

As a result of adequacy decisions, personal data can flow freely and safely from the European Economic Area (EEA), which includes the 27 EU Member States as well as Norway, Iceland and Liechtenstein, to a third country, without being subject to any further conditions or authorizations. In other words, transfers to the third country can be handled in the same way as intra-EU transmissions of data.

U.S. companies will be able to join the EU-U.S. Data Privacy Framework by committing to comply with a detailed set of privacy obligations, basically submitting to the same rules and EEA data processors or similar obligations as if the U.S. company were using other tools, such as standard contractual clauses and binding corporate rules.

This opens U.S. companies up to several dangers of EU citizens bringing complaints against them for mishandling data. This includes independent dispute resolution mechanisms and an arbitration panel which are free of charge to the complainant.

The safeguards put in place by the U.S. will also facilitate transatlantic data flows more generally, since they also apply when data is transferred by using standard contractual clauses or binding corporate rules.

While signing up to the Privacy Framework will make it much simpler to transfer data from the EU to the U.S., it will also hugely increase the burdens placed on U.S. companies and open them up to new litigation and regulatory risks. The Framework adds to the obligations currently being imposed upon U.S. data processors by 10 states (with five more on the way), each with a different set of obligations.

There is also a need to be cautious. This is the third try by U.S. and EU authorities to create a binding data framework between the two blocs. The first two tries, the Safe Harbor, and the Privacy Shield, imposed similar but less onerous obligations on U.S. companies, and were both struck down by the Court of Justice of the European Union (CJEU) following actions brought by legendary privacy activist Maximillian Schrems.

These decisions, Schrems I and Schrems II, highlighted deficiencies in the predecessor regimes, including but not limited to the way in which the U.S. intelligence agencies are able to access data. The new Framework has specifically dealt with the issues raised in the Schrems cases by the creation of a new court that will adjudicate on the access to data by government agencies.

Standard enforcement will be handled by the U.S. Federal Trade Commission, which will fulfill a role similar to European data authorities and will have similar powers, including but not limited to massive fines and the ability to require data processors to behave in a certain way including deleting and correcting data, to stopping processing all together.

The EU and U.S. authorities are confident that the new Framework will satisfy the CJEU and that this time will be different to Schrems I and Schrems II. However, it behooves U.S. companies considering signing up for the Framework to take a far more circumspect approach to the overall process. It is all but guaranteed that Mr. Schrems will attempt a third bite of the cherry, and like Charlie Brown and Lucy with the football, it is possible that the CJEU could once again move the ball and leave U.S. companies with a large compliance costs for a defunct scheme. Until the European judicial process is completed, it would be wise to take a wait and see approach to the Framework and continue with the existing standard contractual clauses and binding corporate rules that have hitherto defied judicial scrutiny.

Football on tee ready for kickoff

Sign up to receive our latest BRiefings delivered directly to your inbox. Subscribe

Tags

cybersecurity & data privacy, adequacy, cross-border data flows, data transfer, schrems, cjeu, data privacy, european commission, ftc

Get in touch

Avatar
Matthew Richardson
Partner

Get in touch

Avatar
Matthew Richardson
Partner
Walters v. OpenAI: A Game-Changing Verdict Reshaping AI, Defamation and Tech's Future
5/27/2025 9:16:20 PM

Walters v. OpenAI: A Game-Changing Verdict Reshaping AI, Defamation and Tech's Future

By Erick Robinson
In a decision that could reshape the legal and technological landscape, the Superior Court of Gwinnett County, Georgia, issued a ruling...
4
4
8

Latest Insights

In the Financial Times, Partner Matthew Sharp discusses UK Renewable Transport Fuel Obligation (RTFO) compliance
5/30/2025 8:28:25 AM

In the Financial Times, Partner Matthew Sharp discusses UK Renewable Transport Fuel Obligation (RTFO) compliance

By Matthew Sharp
German Court Allows Meta to Use Public Data for AI Training: Implications for Europe’s AI Landscape
5/27/2025 3:16:48 PM

German Court Allows Meta to Use Public Data for AI Training: Implications for Europe’s AI Landscape

By Erick Robinson
4
4
NY Court of Appeals Applies Internal-Affairs Doctrine to Standing in Derivative Actions on Behalf of Foreign Corporations
5/21/2025 8:19:59 PM

NY Court of Appeals Applies Internal-Affairs Doctrine to Standing in Derivative Actions on Behalf of Foreign Corporations

By Jonathan Richman
1
25
26