TY - CHAP
T1 - The EU-US Data Privacy Framework: Is the Dragon Eating its Own Tail?
AU - Corrales Compagnucci, Marcelo
PY - 2024
Y1 - 2024
N2 - The European Commission’s adequacy decision on the EU-US Data Privacy Framework (DPF), adopted on July 10th, 2023, marks a crucial moment in transatlantic data protection. Following an Executive Order issued by President Biden in October 2022, this decision confirms that the United States (US) meets European Union (EU) standards for personal data protection. The decision extends to all transfers from the European Economic Area (EEA) to US entities participating in the framework, promoting privacy rights while facilitating data exchange. Key aspects include oversight of US public authorities’ access to transferred data, the introduction of a dual-tier redress mechanism, and granting new rights to EU individuals, encompassing data access and rectification. However, the EU-US DPF presents both promise and challenges in health data transfers. While streamlining exchange and aligning legal standards, it grapples with the complexities of divergent privacy laws. The recent bill for the introduction of a US federal privacy law emphasizes the urgent need for ongoing reform. Lingering concerns persist regarding the EU-US DPF’s resilience, especially amid potential legal battles before the Court of Justice of the EU (CJEU). The history of transatlantic data transfers between the EU and the US is riddled with vulnerabilities, reminiscent of the Ouroboros – an ancient symbol of a serpent or dragon eating its own tail – hinting at the looming possibility of the framework facing invalidation once again. This chapter delves into the main requirements of the EU-US DPF and offers insights on how healthcare organizations can navigate it effectively.
AB - The European Commission’s adequacy decision on the EU-US Data Privacy Framework (DPF), adopted on July 10th, 2023, marks a crucial moment in transatlantic data protection. Following an Executive Order issued by President Biden in October 2022, this decision confirms that the United States (US) meets European Union (EU) standards for personal data protection. The decision extends to all transfers from the European Economic Area (EEA) to US entities participating in the framework, promoting privacy rights while facilitating data exchange. Key aspects include oversight of US public authorities’ access to transferred data, the introduction of a dual-tier redress mechanism, and granting new rights to EU individuals, encompassing data access and rectification. However, the EU-US DPF presents both promise and challenges in health data transfers. While streamlining exchange and aligning legal standards, it grapples with the complexities of divergent privacy laws. The recent bill for the introduction of a US federal privacy law emphasizes the urgent need for ongoing reform. Lingering concerns persist regarding the EU-US DPF’s resilience, especially amid potential legal battles before the Court of Justice of the EU (CJEU). The history of transatlantic data transfers between the EU and the US is riddled with vulnerabilities, reminiscent of the Ouroboros – an ancient symbol of a serpent or dragon eating its own tail – hinting at the looming possibility of the framework facing invalidation once again. This chapter delves into the main requirements of the EU-US DPF and offers insights on how healthcare organizations can navigate it effectively.
KW - Faculty of Law
M3 - Book chapter
T3 - Perspectives in Law, Business and Innovation
BT - International Transfers of Health Data: A Global Perspective
A2 - Corrales Compagnucci, Marcelo
A2 - Fenwick, Mark
PB - Springer Nature Singapore
CY - Singapore
ER -