Commerce launches EU-US data privacy framework certification website

The Department of Commerce has launched a website to help American companies certify their participation with the recently adopted EU-U.S. Data Privacy Framework. 

The new site follows protracted negotiations between the United States and the EU to re-establish a mechanism for the transfer of European citizens’ personal data to the United States following a previous decision by a European court to invalidate the previous EU-U.S. Privacy Shield Framework.

U.S. companies transferring data to and from the EU can begin relying on the new landmark agreement but must certify their participation by Oct. 10 at www.dataprivacyframework.gov.

Through the new website, they can also certify compliance with the U.K. extension to the data privacy framework and Swiss-U.S. data privacy principles.

In October, President Biden issued an executive order to boost privacy and civil liberties safeguards as they relate to U.S. signals intelligence. Earlier this month, the EU adopted a data regime adequacy decision to permit the sharing of data.

The European Commission decided that the U.S. has provided adequate protections to E.U. citizens’ data after Washington implemented safeguards for Europeans against U.S. surveillance, including redress in front of a new data protection review court for E.U. citizens who believe American intelligence collected their personal data in a way that violates the agreement.

Under the agreement, U.S. tech companies are obligated “to delete personal data when it is no longer necessary for the purpose for which it was collected and to ensure continuity of protection when personal data is shared with third parties,” according to a European Commission press release.