The EU-US data protection framework brings new binding safeguards aimed at addressing concerns raised by the European Court of Justice. This includes limiting U.S. intelligence agencies’ access to EU data to a necessary and proportionate extent, and creating a Data Protection Review Court (DPRC) to which EU citizens have access.
Compared to the mechanism in place in the Privacy Shield, this new framework shows considerable progress. For example, the DPRC has the authority to require the deletion of data if it is determined that the new safeguards were violated during the data collection process. These new safeguards on government access to data will complement the obligations that U.S. companies taking data from the EU must comply with.