EU-US Data Privacy Framework (EU-US DPF)

A mechanism to align differences in EU-US data protection standards that allows data transfers to the US.

Mar 25, 20252 min read

The EU-US Data Privacy Framework (EU-US DPF), formerly Transatlantic Data Privacy Framework (TADPF), is an agreement between the European Union and the USA to align the differences in legal requirements for data protection in the two regions.

For the US side, President Biden signed an executive order on October 7, 2022, to implement certain commitments that were previously agreed upon in negotiations with the EU. This comprises

On the EU-side, the EU Commission issued an adequacy decision, recognizing that the level of protection of personal data in the United States under the DPF is comparable to that in the European Union.

Personal data can therefore flow freely from the EU to the US as long as the receiving company in the US participates (self-certified) in the EU-US DPF. Further safeguards or alternative transfer tools, such as standard contractual clauses, are no longer required.

The question how permanent and reliable the EU-US Data Privacy Framework will be is still open. After all, the last two attempts of similar frameworks (Safe Harbor and Privacy Shield) both failed and were nullified by the ECJ in the Schrems I and II rulings. The ECJ has yet to review the EU-US DPF.