Attorney General Merrick B. Garland hosted Secretary of Commerce Gina Raimondo and European Commissioner for Justice Didier Reynders for a meeting at the Justice Department today marking the European Union (EU)’s recognition of the adequacy of the EU-U.S. Data Privacy Framework (DPF).

“The DPF is a testament to the strength of the U.S.-EU relationship, and it reflects our joint commitment to promoting economic opportunity while protecting individual privacy rights,” said U.S. Secretary of Commerce Gina Raimondo. “Now, businesses – large and small – will be able to access a streamlined and affordable mechanism to transfer data between our jurisdictions. To meet the needs of businesses, the Commerce Department launched the DPF program website today, giving companies a one-stop-shop where they can sign up for the DPF program and get important information about its benefits.”

“The EU-U.S. Data Privacy Framework reflects the strength of the partnership between the United States and the European Union as well as our shared commitment to upholding the rule of law, protecting individual privacy, and keeping the public safe,” said Attorney General Merrick B. Garland. “We are grateful to our European partners for the years of work and cooperation that brought us to this point, and we look forward to continuing our work together to implement these important new data privacy safeguards.”

“The EU-US Data Privacy Framework represents a significant achievement for safe and trusted transatlantic data flows,” said European Commissioner for Justice Reynders. “The new framework guarantees the fundamental right of Europeans for the protection of their personal data and brings legal certainty for companies on both sides of the Atlantic. Today’s meeting is the result of months of intense negotiations based on shared values and trust with my U.S. counterparts. It shows the EU and the U.S. are like-minded partners that can work together to find solid solutions to complex issues.”

Last week, the Departments of Commerce and Justice welcomed the European Commission’s adequacy decision for the EU-U.S. Data Privacy Framework, to which President Biden and European Commission President von der Leyen agreed in March 2022. Transatlantic data flows underpin more than $7 trillion in cross-border trade and investment per year and create greater economic opportunities for companies and citizens on both sides of the Atlantic. The DPF will be a valuable tool for businesses of all sizes, including small and medium, that are participating in the transatlantic economy, providing an affordable and straightforward means of transferring personal data consistent with EU law. The adoption of the adequacy decision on July 10 by the European Commission establishes a basis in EU law for the transfer of personal data from EU countries to the United States by businesses in both America and Europe using the DPF. This determination will also facilitate transfers through other EU legal mechanisms, including Standard Contractual Clauses and Binding Corporate Rules. The EU’s adoption of the adequacy decision was made possible by the fulfillment of the commitments the United States made in the EU-U.S. Data Privacy Framework (EU-U.S. DPF), announced by Presidents Biden and von der Leyen in March 2022:

• On Oct. 7, 2022, President Biden issued Executive Order 14086 on Enhancing Safeguards for United States Signals Intelligence Activities, which bolstered an already rigorous array of privacy and civil liberties safeguards for U.S. signals intelligence activities. It also created an independent and binding mechanism enabling individuals in qualifying states, as designated under the Executive Order, to seek redress if they believe their personal data was collected through U.S. signals intelligence in a manner that violated applicable U.S. law.
• Also on Oct. 7, 2022, and pursuant to that Executive Order, Attorney General Garland signed a new regulation establishing a Data Protection Review Court (DPRC). The DPRC will independently review determinations made by the Civil Liberties Protection Officer of the Office of the Director of National Intelligence in response to qualifying complaints sent by individuals through appropriate public authorities that allege certain violations of U.S. law in the conduct of U.S. signals intelligence activities.
• On June 30, Attorney General Garland designated the EU and the three additional countries making up the European Economic Area (EEA) as “qualifying states” - contingent on the adoption of an adequacy decision - for purposes of implementing the redress mechanism established under Executive Order 14086.

The Office of the Director of National Intelligence confirmed on July 3, 2023, that U.S. intelligence agencies have adopted implementing procedures as required by the Executive Order.