The EU-US Data Privacy Framework is Actually Better
We have helped a couple of clients who already comply with the CCPA and GDPR to update their privacy programs for compliance with the EU-US Data Privacy Framework (DPF). Mainly, the process is more thorough and better than that of its predecessor, the Privacy Shield. Here’s why:
The Privacy Policy requirements are clear and listed on the DPF Site. For Privacy Shield you had to submit your policy to the program site and hope it passed muster; with the DPF, the requirements are out in the open and overlap considerably with the CCPA, notably consumer rights.
Consumers have several recourse mechanisms, and they are clear and objective. Organizations must submit to an independent recourse mechanism AND arbitration by the international arm of the AAA. This is far better than the old Privacy Shield’s FTC complaint process.
If your organization already complies with the CCPA or GDPR, which it likely does if it is concerned with EU-US data transfers, then updating your privacy policy will be relatively quick.
Implementing the DPF means no more EU Standard Contractual Clauses! This means shorter contracts, quicker signatures, and less parsing of the SCCs’ weird optional modules.
So, if your EU customers are clamoring for DPF compliance or you want to advertise forward-thinking privacy policies, let SK&S help you self-certify under the DPF! Contact me at codevilla@skandslegal.com.