Extract from Cassandre Coyer’s article “To Certify or Not to Certify: The EU-US Data Privacy Framework”
This summer marked a key development in the history of data transfers between the U.S. and European Union when the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework after two prior invalidated agreements.
But whether that milestone is translating to a wave of companies registering to get certified under the new framework is less apparent.
Given the looming possibility of a Schrems III lawsuit from privacy advocate Max Schrems, an aggressive Federal Trade Commission and customers’ ongoing demand for standard contractual clauses, companies should weigh the costs and benefits of getting certified.
Below, data privacy attorneys highlighted some of the key considerations at play on both sides of the argument during an EU-U.S. Data Privacy Framework webinar from law firm Baker McKenzie on Thursday.
The Pros: ‘Convenient and Easy’ Solution
Despite some uncertainties around the longevity of the DPF, Brian Hengesbaugh, chair of Baker McKenzie’s global data privacy and security business unit, noted that he expects more companies to certify with the framework than with its predecessor, the Privacy Shield, because it is in a stronger position to withstand legal challenges.
