The issue of data transfers to the U.S. was the subject of an earlier post on this website, but with the adequacy decision of last July 10, it appears that a tipping point has been reached.
The basic premise is that the EU regulations allow the processing of personal data outside the borders of Europe only and exclusively in countries that guarantee a level of protection and security of personal data that is equal to or greater than that which the GDPR imposes on the EU countries.
The adequacy of the foreign country’s regulations is done through an “adequacy opinion,” one of the institutions under the GDPR that allows the transfer of data on the basis of a prior analysis of the guarantees offered.
On July 10th, the long-awaited adequacy opinion of the European Commission was issued, referring to the new protocol replacing the previous Privacy Shield, which was nullified by the decision of the Court of Justice of the European Union in the so-called “Schrems II” decision.
As a result of the decision, data transfers between the EU and the U.S. will be legal, free, and permitted, although still debated, albeit subject to U.S. companies’ compliance with the new protocol.
Companies acting as data controllers of personal data will therefore have the opportunity to review internal processes and tools that involve the transfer of data to the United States, and possibly resume those flows that have been interrupted as a result of the Court’s 2020 ruling.
Companies acting as data controllers of personal data will therefore have the opportunity to review internal practices and tools that may involve the transfer of data to the United States, and possibly resume those flows that have been interrupted as a result of the Court’s 2020 ruling.
The firm remains at your disposal for any clarification that may be required.
(Avv. Giampiero Pino) (Avv. Luca Testa)
