Takeaways
- Increased federal deregulation and related actions are further destabilizing the already tenuous foundation of the Data Privacy Framework (DPF). European privacy regulators have been issuing guidance indicating that they expect a European pull-back from the DPF.
- Businesses that rely on the DPF should maintain their certification, but should move now to prepare to activate alternative data transfer mechanisms, such as the standard contractual clauses, and update lapsed transfer and data privacy impact assessments.
- Review current cloud-storage arrangements and consider regionalizing European data storage to avoid EU-to-U.S. data transfers, especially if your cloud provider is relying on DPF certification to legitimize GDPR data transfers.
After years of litigation, false starts, and invalidated frameworks, the U.S. had finally achieved a simplified path for GDPR compliant transfers of personal data from Europe. However, European reaction to the recent changes on the U.S. side of the pond indicates a wavering in the support of the EU-U.S. Data Privacy Framework (DPF) and threatens to send the U.S. back into the data transfer dark ages.Continue Reading Status Check: Support Is Quickly Eroding for the EU-U.S. Data Privacy Framework