Contact Our Commercial Solicitors
Myerson's Commercial and IT / Technology team have extensive knowledge relating to data protection law. Please contact our lawyers if you need advice concerning EU-US data transfers on:
The European Commission (the EC) has adopted an adequacy decision on the EU-US Data Privacy Framework.
The EU-US Data Privacy Framework is the legal mechanism that will now enable the otherwise restricted transfers of personal data from the EU to the US, replacing the defunct predecessor, the EU-US Privacy Shield.
Previously, data was shared between the EU and the US under the EU-US Privacy Shield.
However, the landmark ruling achieved by data activist Maximillian Schrems rendered the mechanism defunct in 2020, rendering the transfers of personal data from the EU to the US restricted (and therefore prohibited) unless alternative measures were implemented (see below).
Further information on the Schrems case can be found in our article.
Under the EU GDPR, transfers of EU citizen’s personal data out of the EU are restricted unless:
Therefore, US organisations can apply to the US Department of Commerce for certification, and once certified, EU organisations can allow the transfer of personal data to flow freely.
The UK has not yet adopted an adequacy decision for the US.
Until such time, transfers of personal data between the UK and the US remain restricted; therefore, measures approved per the UK GDPR should be put into place.
Further information on how to transfer personal data outside of the UK can be found in our article.
Myerson's Commercial and IT / Technology team have extensive knowledge relating to data protection law. Please contact our lawyers if you need advice concerning EU-US data transfers on: