Yes! Finally there is some clarity about the long-awaited EU-U.S. Data Privacy Framework! U.S. President signed the executive order implementing it and it seems that two years of worrying about non-compliance with personal data transfers regulation when using U.S.-based service providers are over.
The main takeaways from the executive order:
Intelligence activities should be conducted only for national security objectives.
The U.S. shall establish a multi-layer redress mechanism to address complaints of alleged violations. The Office of the Director of National Intelligence would conduct an initial investigation to assess qualifying claims and potential remedies, and an independent Data Protection Review Court would render binding decisions.
DPRC judges will be appointed from outside the government, will have backgrounds in data privacy and national security, will review cases independently, and enjoy protections against removal.
The framework will have to undergo a ratification process by the European Data Protection Board, the European Parliament, and the European Commission, so negotiations of such model will take time. However, new rules on this matter may be expected soon − in the spring of 2023.
If you have questions on this topic or seek advice on other privacy-related matters, our GDPR experts would be happy to help.