The Transatlantic Data Privacy Framework (TADPF) is an agreement between the European Union and the USA to align the differences in legal requirements for data privacy in the two regions.
For the US-side, President Biden signed an executive order implementing cer-tain commitments that were previously agreed upon in negotiations with the EU. This comprises
- Safeguards that, at least in theory, are meant to limit data access of the US security and intelligence agencies to what is necessary and propor-tionate, and
- the creation of a two-step complaint mechanisms for EU citizens in the form of (1) the Civil Liberties Protection Officer whose decisions can be challenged before the Data Protection Review Court.
On the EU-side, the EU Commission issued an adequacy decision, recognizing that the level of protection of personal data in the United States under the TADPF is comparable to that in the European Union.
Personal data can therefore flow freely from the EU to the US as long as the receiving company in the US participates (self-certified) in the TADPF. Further safeguards or alternative transfer tools, such as standard contractual clauses, are no longer required.
The question how permanent and reliable the TADPF will be is still open. After all, the last two attempts of similar frameworks (Safe Harbor and Privacy Shield) both failed and were nullified by the ECJ in the Schrems I and II rulings.