On July 10, 2023, the European Commission adopted an adequacy decision for the new EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the successor to the EU-U.S. Privacy Shield, which the Court of Justice of the European Union deemed invalid on July 16, 2020. The U.S. Department of Commerce (“DoC”) is charged with administering and monitoring the EU-U.S. DPF program.
On July 17, 2023, the DoC International Trade Administration launched its EU-U.S. DPF website. Companies are now able to review the key requirements for participating organizations, including how to join the program and how to recertify.
How to Join or Recertify
If your company would like to participate in the EU-U.S. DPF and is not actively certified under the EU-U.S. Privacy Shield, you will have to self-certify via the DPF website. The DoC has provided a guide to self-certification, and further information in preparation for the process can be found in the DPF website’s FAQs.
If your company is currently actively certified under the EU-U.S. Privacy Shield, you may begin to rely on the EU-U.S. DPF if you believe your company to be compliant. However, you will still need to update your privacy policy as soon as possible but no later than October 10, 2023. Requirements for compliant privacy policies can be found in the DPF website FAQs. An organization’s privacy policy must align with the DPF principles, specifically including each element of the notice principle, setting forth items about which a company must...
The media company led by MrBeast, the YouTube megastar whose real name is Jimmy Donaldson, has been sued by a former employee, who alleges she was subjected to years of sexual harassment, gender b...