EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

The EU–US data privacy framework and the impact on companies in the EEA and USA compared to other international data transfer mechanisms

Lothar Determann, Michaela Nebel and Michael Schmidl
Additional contact information
Lothar Determann: Baker McKenzie LLP, USA
Michaela Nebel: Baker McKenzie, Germany
Michael Schmidl: Co-head of the German Information Technology Group, Baker McKenzie, Germany

Journal of Data Protection & Privacy, 2023, vol. 6, issue 2, 120-134

Abstract: Third time's a charm? Companies in the European Economic Area, Switzerland and the UK (EEA+) are considering the pros and cons of the third attempt of the EU Commission and US government to establish interoperability between their data protection and privacy law systems, after the demise of the US Safe Harbor Program and the EU–US Privacy Shield. Should US companies register? Are the efforts worth the potential benefits, given that the new programme has already been challenged and may be invalidated like previous programmes for reasons that businesses cannot control? Should companies that were already enrolled in the previous programmes accept automatic enrolment or leave the programme? Can and should companies in the EEA+ rely on EU–US Data Privacy Framework (DPF) registration for international transfers? Or insist on registration in addition to standard contractual clauses (EU SCC 2021) or other compliance mechanisms? Are data transfer impact assessments (DTIAs) still required for transfers to the US? Should they be updated? This paper seeks to help companies find answers to these questions and (I) outlines the background and context of the Adequacy Decision, (II) explains how US companies can join the DPF, (III) discusses the impact of the Adequacy Decision, (IV) summarises requirements for other compliance mechanisms for international data transfers under the GDPR, (V) compares the DPF to other transfer compliance mechanisms and (VI) provides practical considerations and a summary.

Keywords: EU–US Data Privacy Framework; EU–US Privacy Shield; US Safe Harbor Program; GDPR; data protection law; international data transfers; data transfer impact assessments; three hurdles (search for similar items in EconPapers)
JEL-codes: K2 (search for similar items in EconPapers)
Date: 2023
References: Add references at CitEc
Citations:

Downloads: (external link)
https://hstalks.com/article/8149/download/ (application/pdf)
https://hstalks.com/article/8149/ (text/html)
Requires a paid subscription for full access.

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:aza:jdpp00:y:2023:v:6:i:2:p:120-134

Access Statistics for this article

More articles in Journal of Data Protection & Privacy from Henry Stewart Publications
Bibliographic data for series maintained by Henry Stewart Talks ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:aza:jdpp00:y:2023:v:6:i:2:p:120-134