If you work for a business looking to transfer data between the EU and the United States, the FTC has resources to point you in the right direction. On July 17, 2023, the European Commission issued an adequacy decision on the EU-U.S. Data Privacy Framework (DPF). This new voluntary Framework, which replaces the Privacy Shield program, provides a mechanism for companies to transfer personal data from the EU to the United States in a privacy-protective way consistent with EU law. To join the Data Privacy Framework, a company must self-certify to the Department of Commerce that it complies with the Data Privacy Framework Principles. A participating company’s failure to comply with the Principles may violate Section 5 of the FTC Act’s prohibition on unfair and deceptive acts. The FTC is committed to vigorous enforcement of the DPF Principles, and works with privacy authorities in the EU to protect consumer privacy on both sides of the Atlantic. For more information, including how to join, visit the Data Privacy Framework Program. The Data Privacy Framework site also features a searchable list of participating businesses.
Letter expressing FTC commitment to protecting consumer privacy and the enforcement of the U.S.-EU Safe Harbor Program
FTC staff comments on the European Commission's review of the U.S.-EU Safe Harbor Framework
Keynote Address by FTC Chairwoman Edith Ramirez at the Transatlantic Consumer Dialogue and Multi-Stakeholder Dialogue on the Transatlantic Trade and Investment Partnership