News 09 Apr. 2024
Curtis Announces New Partners and Counsels Across Offices in Spring 2024
more
News 25 Jan. 2024
Counsel Mohannad A. El Murtadi Suleiman Addresses “Africanization” of International Investment Law
Event 18 Aug. 2023
Partner Borzu Sabahi Speaks at FDI Moot Shenzhen
News 25 Jul. 2023
Partner Eric Gilioli Ranked in Top 10 Influential Energy & Natural Resources Lawyers in Kazakhstan in Business Today
Client Alert 28 Dec. 2023
U.S. to Impose Secondary Sanctions on Non-U.S. Banks For Financing Russia’s Defense Industry
Event 22 Aug. 2023
Partner Dr. Claudia Frutos-Peterson to Speak at Arbitration and ADR Commission of the ICC Mexico
Event 11 Jul. 2023
Partner Elisa Botero Speaks on the Role of the ICC in Investment Disputes
News 15 Aug. 2023
Legal Reader Publishes Article on Dr. Majed Alotaibi’s Arrival as Senior Counsel in Curtis’ Riyadh Office
News 31 Jul. 2023
Curtis Welcomes Senior Saudi Advisor, Dr. Majed Alotaibi, to its Riyadh Office
News 24 Aug. 2023
Curtis Attorneys Quoted in CoinDesk on FTX Founder Sam Bankman-Fried’s Strategy Ahead of His Criminal Trial
Client Alert 24 Jun. 2021
Update on Virtual Notarization (Executive Order 202.7) During the COVID-19 (Coronavirus) Pandemic (Updated: June 24, 2021) — U.S. Insight
Update on Virtual Witnessing (New York Executive Order 202.14) During The COVID-19 (Coronavirus) Pandemic (Updated: June 24, 2021) — U.S. Insight
event
Curtis Attorneys Attend the 2024 ACSS European Conference on Global Sanctions and Export Controls
article
Curtis Partner John Balouziyeh Quoted in an Article Analyzing War Crimes Litigation
Client Alert 01 Aug. 2023
Download the full alert with footnotes
On July 10, the European Commission officially adopted its decision on US adequacy, ushering in the new EU-US Data Privacy Framework. Despite some concerns raised by privacy advocates and the European Data Protection Board, 24 EU Member states voted in favor of the framework.
Under this framework, companies will be able to transfer data from the EU to the US after certifying their compliance with the framework’s privacy obligations.
The EU’s data privacy law, the GDPR, creates restrictions around data transfers from the EU to other countries. Under Article 45 of the statute, an entity may transfer EU personal data to a foreign country that the EU has determined ensures an “adequate level of protection for personal data.” For all other countries, any transfers of EU personal data to them must comply with Articles 46 and 49 of the GDPR.
Under this latest framework, the EU has determined that the US ensures an “adequate level of protection.” This reduces burdens and simplifies the legal regime around data transfers between the two regions.
This framework is the third attempt at a data transfer agreement between the EU and US and represents the third adequacy decision on the US. The first two were struck down by the European Court of Justice (ECJ) due to concerns over US intelligence surveillance and data collection. This latest version attempts to address those concerns by introducing new safeguards in the US, such as establishing a Data Protection Review Court to provide a redress mechanism for EU individuals and requiring that intelligence activities be necessary and proportionate to intelligence priorities.
Nevertheless, Max Schrems, the Austrian privacy activist responsible for the demise of the first two frameworks, has already promised to challenge this latest framework before the ECJ, claiming that US policies still provide insufficient privacy protections.
It remains to be seen if the framework will survive future legal challenges, but in the meantime its enactment progresses. On July 17, the US Department of Commerce launched a website which allows companies to certify their compliance with the framework and restart the process of data transfers from the EU.
The EU-US Data Privacy Framework will be subject to periodic review by the European Commission, together with European data protection authorities and US authorities, to ensure US safeguards have been fully implemented and remain effective. The first such review will occur within a year.
About Curtis
Curtis, Mallet-Prevost, Colt & Mosle LLP is a leading international law firm. Headquartered in New York, Curtis has 19 offices in the United States, Latin America, Europe, the Middle East and Asia. Curtis represents a wide range of clients, including multinational corporations and financial institutions, governments and state-owned companies, money managers, sovereign wealth funds, privately owned businesses, individuals and entrepreneurs. The firm is particularly active on behalf of clients operating in the energy and renewable energy, commodities, telecommunications, manufacturing, transportation and technology industries.
For more information about Curtis, please visit www.curtis.com.
Attorney advertising. The material contained in this Client Alert is only a general review of the subjects covered and does not constitute legal advice. No legal or business decision should be based on its contents.
Data Protection and Privacy Law
Jonathan J. Walsh
Partner
Vadim Belinskiy
Associate
New York
+1 212 696 6000
client alert
EU-US Data Privacy Framework Progresses through EU Approval Process
Is Congress Getting Closer to Enacting Comprehensive Federal Data Privacy Legislation?
We use cookies on our website to enhance your browsing experience, match your interests and assess our website performance. We do not share information with any third-party for marketing purposes. Please view our privacy policy to learn more about the use of cookies on our website. By continuing to browse our website, you consent to our use of cookies.