The EU–US Data Privacy Framework provides a new legal basis for transatlantic data transfers, replacing the invalidated Privacy Shield. It includes binding safeguards on U.S. intelligence access and a new redress mechanism for EU citizens.
Organizations transferring personal data to the U.S. must update their transfer impact assessments, privacy notices, and vendor contracts. While the framework reduces legal uncertainty, regulators stress that companies remain accountable for transfer compliance.
DPOs must continuously monitor legal developments, especially potential challenges before the Court of Justice of the EU.
Official source:
European Commission – EU–US Data Privacy Framework
https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/eu-us-data-privacy-framework_en