The EU and U.S. Update Their Shared Privacy Framework

In December, the EU and U.S. began updating their shared Data Privacy Framework, which will increase security for trans-Atlantic data transferring for businesses and organizations. The decision came about to create increased privacy for Europeans in regard to U.S. criminal law enforcement and national security purposes and ensure that countries outside the EU maintain the same level of data protection standards.

What Is An Adequacy Decision?

An adequacy decision is a tool created by the General Data Protection Regulation (GDPR) to transfer data from the EU to non-EU countries. The GDPR is a law created by the European Union to establish privacy protections for individuals when their personal data is being processed by organizations within the European Economic Area and now the U.S.

The establishment of the adequacy decision will enable entities to transfer personal data without additional data protection safeguards like contracts and official authorizations. Organizations within the U.S. will be able to participate by complying with the new set of data privacy obligations. This will limit the sharing of personal information with third parties and require higher data security standards, but ultimately increase the flow of data.

What Does This Mean For Individuals?

The framework will take time to establish itself fully through the appropriate channels, but the general idea is that your data will be better protected. The framework should also provide greater transparency in how companies utilize your data and give recourse for those whose data is not used in accordance with disclosures. The regulatory process will not protect you from corruption or business fraud, however, and it does not completely prevent data breaches.

Everyone can agree that additional safeguards are necessary, but personal data is still considered a commodity, and even companies that claim that they have achieved the outlined security standards may not be perfectly adhering to them. It’s possible that it could take months or years to realize that your data has been compromised in some way.

What Does This Mean for Companies?

Regardless of the standards set forth between the U.S. and EU, it’s still imperative to maintain your own high-level data security standards. If your company deals with transferring data between the U.S. and EU, don’t let the new set of standards give you a false sense of security. Hackers and fraudsters will immediately look for ways to exploit weaknesses in the new Shared Data Privacy Framework.

In the event that your data is compromised, it’s still possible to retrieve your assets and seek justice. If you need experienced and effective international legal guidance for yourself or your business regarding cybersecurity and asset recovery, contact a STARNet firm member today.

The following two tabs change content below.


STARNet, which is short for Stolen Asset Recovery Network, is a global alliance of independent law firms created to provide financial institutions and governments with multi-disciplinary services across countries and jurisdictions for locating, freezing, and ultimately recovering stolen assets related to cyber heists, fraud or corruption.

Latest posts by STARnet (see all)