DPF Timeline

The Data Privacy Framework (DPF) Program is now in effect, replacing Privacy Shield as the mechanism to allow the safe, seamless transfer of personal data from the EU to the U.S in compliance with EU law. This timeline documents the milestones in this journey since Privacy Shield was invalidated in July 2020.

Ready for a consultation with our Global Privacy Division to learn more about joining the Data Privacy Framework Program? Sign up here.
Have questions specific to the transition from Privacy Shield to the Data Privacy Framework? Contact us at GlobalPrivacy@bbbnp.org.

From Privacy Shield to DPF

Schrems II invalidated Privacy Shield.

The EU and U.S. announce an agreement, in principle, on a new Trans-Atlantic Data Privacy Framework.

EU-U.S. Joint Statement

President Biden signed an Executive Order that would serve as the legal basis for an adequacy determination.

Read the Executive Order

The U.S. Department of Justice signed regulations establishing a review court required by the October 7 Executive Order.

The International Trade Administration (ITA), U.S. Department of Commerce published FAQs 1-7 for the EU-U.S. Data Privacy Framework.

The European Parliament released a non-binding draft opinion urging the EU Commission to not adopt its draft adequacy determination and continue negotiations.

The European Data Protection Board (EDPB) released its non-binding opinion of the EU Commission’s draft adequacy decision welcoming “substantial improvements” while expressing concerns and requesting further clarification on several points.

IAPP Article

Members of EU Parliaments (MEPs) call for renegotiation of EU-U.S. Data Privacy Framework.

MEPs adopt a Resolution rejecting the EU-U.S. Data Privacy Framework.

Adopted Resolution

Irish DPC finds Meta's use of SCCs insufficient, highlighting the urgent need for the EU-U.S. Data Privacy Framework.

UK and US reach commitment to establish a UK Extension to the Data Privacy Framework, creating a “data bridge” for cross-border data transfers between the two countries.

The U.S. Department of Justice and the Office of the U.S. National Intelligence Director announced that all commitments under Executive Order 14086 have been fulfilled.

24 out of 27 EU Member States voted in favor of the EU-U.S. Data Privacy Framework indicating that the DPF provides an adequate level of protection for personal data.

The European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework.

Read Our Statement

The European Commission’s adequacy decision for the EU-U.S. Data Privacy Framework (EU-U.S. DPF) entered into force and the Department of Commerce launched the program’s website (dataprivacyframework.gov/). U.S. organizations are now able to self-certify.

Read our Press Release

The UK Government’s recognition of the adequacy of the UK Extension to the EU-U.S. DPF entered into force.

Read our Blog

The Swiss-US Data Privacy Framework entered into force when the Swiss Federal Council published their decision to add the U.S. to the list of countries with an adequate level of data protection.

The European Commission delivered the first review of the EU-U.S. Data Privacy Framework (DPF), confirming that key protections for cross-border data transfers are in place and functioning effectively.

Read the EDPB Report

Our Programs

Media & Resources

National Partners

About

DPF Timeline

From Privacy Shield to DPF

07.16.20

03.25.22

10.07.22

10.07.22

01.11.23

02.14.23

02.28.23

04.12.23

05.11.23

05.22.23

06.08.23

07.03.23

07.07.23

07.10.23

07.17.23

10.12.23

08.14.24

10.09.24