Auditors, lawyers, tax consultants and management consultants: Four perspectives. One solution. Worldwide. Find out …
Our clients entrust us with their most important legal matters. Learn more about our legal services!
Tax laws are complex and dynamic. We face the challenge of tax law together with you - find out more.
US tariffs: Short term optimization – medium-term preparation
Germany’s Coalition Agreement and Tax Law – A Document to Fiscal Pragmatism
Capmont takes over DFH Deutsche Fertighaus Holding AG with Baker Tilly
BAG overturns forfeiture clause for share options after termination
Traditional Braunschweig logistics company Wandt is entering debtor-in-possession management with Baker Tilly
Probationary period in a fixed-term employment contract - how long can it be?
Industry-specific knowledge is essential in order to create the best conditions for customised solutions. Find out …
Baker Tilly advises biotech startup Real Collagen GmbH investment by US investor
Energy study: Uncertainty slows down investments by industry and utilities in Germany
After ECJ ruling: Financial investors still have no direct access to medical care centers
Benefit from bundled interdisciplinary competencies, expert teams and individual solutions. Learn more!
Baker Tilly offers a wide range of individual and innovative consulting services. Find out more!
On July 10, 2023, the European Commission issued a new adequacy decision. The decision stipulates that the US will ensure a level of protection comparable to that of the EU for personal data transferred from the EU to US companies within the new framework.
The drafting of a new adequacy decision was caused by the ECJ’s so-called Schrems II decision of July 16, 2020, in which the previous adequacy decision on the EU-US data protection shield (“Privacy Shield”) was declared invalid.
What new requirements does the EU-US Data Privacy Framework entail?
The EU-US Data Privacy Framework introduces new binding safeguards to meet the requirements of the ECJ ruling of July 16, 2020. Among other things, it limits access by US intelligence agencies to EU data to a necessary and proportionate level and establishes a Data Protection Review Court. Individuals in the EU will have access to this court.
If such court finds that the new safeguards have been breached in the course of data collection, it can order that such data be deleted. EU citizens will have several legal remedies if their data is not handled properly by US companies. These include free independent dispute resolution mechanisms and an arbitration board.
US entities can now obtain a certification under the EU-US Data Privacy Framework by undertaking to comply with detailed data privacy obligations in order to be recognized as a secure data recipient pursuant to Art. 44, 45 GDPR.
Transfer of personal data to the US now legally secure?
For the time being, personal data can now be transferred to the US in a legally secure manner. Nevertheless, the ECJ will address the legality of the EU-US Data Privacy Framework in the near future.
Companies transferring personal data to the US (the application of common cloud software such as Microsoft 365 is already sufficient to be deemed as transfer) should check with the providers whether they are certified accordingly.
View all news