EU-U.S. Data Privacy Framework (EU-U.S. DPF)
|
Item Number: 0000001
About
The United States Council for International Business (USCIB) advances the global interests of American business both at home and abroad. It is the American affiliate of the International Chamber of Commerce (ICC), the Business and Industry Advisory Committee (BIAC) to the OECD, and the International Organisation of Employers (IOE). As such, it has agreed to act as a trusted third party on behalf of the European Union (EU) Data Protection Authorities.
Background
The EU-U.S. Data Privacy Framework (EU-U.S. DPF), as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from EU member countries to companies in the United States, requires that participating U.S. companies have in place appropriate independent recourse mechanism/s (IRMs) for dispute resolution. Any company may choose the EU data protection authorities (EU DPAs) to serve as an IRM for dispute resolution; however, any company that wishes to cover ‘human resources data’ (i.e., personal information about employees, past or present, collected in the context of the employment relationship) under its self-certification of compliance pursuant to the EU-U.S. DPF must use the EU DPAs as the IRM for that category of data.
Organizations participating in the EU-U.S. DPF may receive personal data from the European Union / European Economic Area in reliance on the EU-U.S. DPF effective July 10, 2023. July 10, 2023 is the date of entry into force of the European Commission’s adequacy decision for the EU-U.S. DPF and the effective date of the EU-U.S. DPF Principles, including the Supplemental Principles and Annex I of the Principles. The adequacy decision enables the transfer of EU personal data to participating organizations consistent with EU law.
Organizations participating in the UK Extension to the EU-U.S. Data Privacy Framework (UK Extension to the EU-U.S. DPF) may receive personal data from the United Kingdom and Gibraltar in reliance on the UK Extension to the EU-U.S. DPF effective October 12, 2023, which is the date of entry into force of the adequacy regulations implementing the data bridge for the UK Extension to the EU-U.S. DPF. The data bridge for the UK Extension to the EU-U.S. DPF enables the transfer of UK and Gibraltar personal data to participating organizations consistent with UK law.
Organizations participating in the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) may receive personal data from Switzerland in reliance on the Swiss-U.S. DPF effective September 15, 2024, which is the date of entry into force of Switzerland’s recognition of adequacy for the Swiss-U.S. DPF. While July 17, 2023 was the effective date of the Swiss-U.S. DPF Principles, including the Supplemental Principles and Annex I of the Principles personal data could not have been received from Switzerland in reliance on the Swiss-U.S. DPF until the date of entry into force of Switzerland’s recognition of adequacy for the Swiss-U.S. DPF. The recognition of adequacy enables the transfer of Swiss personal data to participating organizations consistent with Swiss law.
For all companies that have chosen or are required to use the EU DPAs as the IRM for dispute resolution (i.e., have agreed to cooperate and comply with the advice of the EU DPAs concerning the investigation and resolution of complaints brought under the EU-U.S. DPF Principles), an annual fee must be paid to the USCIB in the amount of US $50.00 to cover the operating costs of the EU DPA panel. The USCIB has agreed to serve as the custodian of the funds collected through the EU DPA panel fee, but does not itself serve as an IRM.
Payment to USCIB
You may use the following link to pay US $50.00 to cover the operating costs of the EU DPA panel — https://dataprivacyframework.uscib.org. A company’s payment of this fee to the USCIB does not obviate the need for that company to self-certify its commitment to the EU-U.S. DPF. Information concerning the self-certification process under the Data Privacy Framework (DPF) Program administered by the U.S. Department of Commerce, and other resources concerning the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF is available on the Department’s DPF Program website: https://www.dataprivacyframework.gov/.
|
|
|