Europeans are ready to give up their privacy rights, but some obstacles are still present

The European Union and the United States are negotiating a new treaty for the exchange of personal data, but the European privacy regulators United in the EDPB are concerned about the Data Privacy Framework (DPF). The DPF should replace the previously defunct Privacy Shield.

According to the EDPB, there are several positive points to the new framework, including the application of principles such as necessity and proportionality for US intelligence agencies seeking to collect data and a new mechanism for Europeans to object. However, there are still the necessary concerns and ambiguities in the proposal. This concerns the rights of Europeans, the further transfer of data, the scope of the exceptions, the temporary bulk collection of data and the practical functioning of the means of Appeal.

“A high level of data protection is essential to protect the rights and freedoms of European individuals,” said EDPB president Andrea Jelinek. She argues that major improvements have been made to the framework, but that the concerns and ambiguities expressed still need to be addressed, because otherwise the adequacy decision cannot stand. In addition, the EDPB considers that after the first evaluation of the adequacy decision, a new assessment should take place every three years.

The draft adequacy decision that Jelinek is talking about was published by the European Commission last December and is based on the EU-U.S. Data Privacy Framework, which, as mentioned, should replace the Privacy Shield treaty after it was previously declared invalid by the European Court of justice. At the heart of the DPF are the EU-US Data Privacy framework principles, originating from the US Department of Commerce. The DPF only applies to U.S. organizations that have self-certified based on the requirements of the framework.