The European Data Protection Board (EDPB) has raised concerns about the EU-US Data Privacy Framework, despite its formal ratification by the European Commission.
The framework, which is the result of almost two years of negotiations, has been criticized by the EDPB for its broad exemption of publicly available information from framework principles, the lack of specific rules on automated decision-making and profiling, and the absence of key definitions.
The EDPB’s analysis of the framework has raised concerns about its adequacy and effectiveness, highlighting areas where it falls short of the EU’s General Data Protection Regulation. The EDPB has recommended that the commission assess the updated policies and procedures before its implementation.
The European Parliament is expected to vote on a resolution urging the commission not to approve the framework, although the disapprobation would not be binding.
The EU Justice Commissioner has responded to the EDPB’s concerns, stating that his agency will carefully analyze the privacy agency’s recommendations and wait for the positions of the European Parliament and EU Council.
Overall, the European Data Protection Board’s criticisms of the EU-US Data Privacy Framework suggest that further work is needed to ensure that it provides adequate privacy protections for European citizens.
The EDPB’s concerns should be taken seriously, as they could impact the framework’s effectiveness and lead to legal challenges from privacy advocates.
