New EU-US data privacy framework and OECD declaration of common principles on government access: Surviving Schrems?

On December 13, 2022 the European Commission published its draft Adequacy Decision for EU-U.S. data transfers. The draft decision reflects the continued coordination between the EU and U.S. to identify and implement a lasting solution to facilitate international data transfers following the Court of Justice of the European Union’s judgment in Schrems II.

The next day, December 14, 38 OECD countries and the EU announced the adoption of a major international agreement among democratic nations committing to common standards for safeguarding privacy, and assuring transparency, oversight and redress with respect to their governments’ law enforcement and national security data access. OECD Secretary-General Mathias Cormann described the Declaration saying “Today’s landmark agreement formally recognises that OECD countries uphold common standards and safeguards. It will help to enable flows of data between rule-of-law democracies, with the safeguards needed for individuals’ trust in the digital economy and mutual trust among governments regarding the personal data of their citizens.”

The EU’s draft adequacy decision determines that the U.S., through the newly created EU-U.S. Data Privacy Framework, provides comparable safeguards to those of the EU and ensures an adequate level of protection for personal data transferred from the EU to certified organizations in the US. Whilst there is still more to come before organizations can begin to rely on the Framework, this marks a highly anticipated step in that process.

Join OneTrust DataGuidance and Sidley Austin LLP in a discussion with key players in international data transfers, including:

  • Bruno Gencarelli, Deputy to the Director – Fundamental Rights and Rule of Law, Head of Unit – International Data Flows and Protection at the European Commission
  • Peter A. Winn, Chief Privacy and Civil Liberties Officer at the United States Department of Justice
  • Joe Jones, Deputy Director – International Data Transfers at the UK Department for Digital, Culture, Media & Sport

We will examine the European Commission draft Adequacy Decision and the Framework in detail, including the likelihood of it withstanding future legal challenges. The program will further assess the impact of the OECD Declaration, given its stated purpose to promote trust in cross-border data flows among countries sharing democratic values and touch on the pending UK-U.S. adequacy decision.

Key takeaways will include:

  • Detailed legal analysis of the European Commission draft Adequacy Decision and the EU-U.S. Data Privacy Framework
  • What organizations should know about the Framework’s Principles
  • Other internal data transfer developments, including the UK-U.S. adequacy decision and the OECD declaration of common principles
  • Next steps in the process and predictions for the future

On-demand webinar coming soon...

You may also like


Privacy Management

Managing data transfers within the UK & EU

Join our experts as we discuss ways to effectively manage data transfers between the UK & EU while staying compliant with the latest privacy regulations.

October 31, 2023

Learn more


Data Discovery & Security

A guided tour of OneTrust Data Discovery magic

Our expert speaker will demonstrate how common real-world data challenges can be identified, addressed, and reported on, leading to better data governance, security, and alignment with business goals. 

October 26, 2023

Learn more


Data Discovery & Security

Data minimization and risk assessment in data discovery

Explore the concept of data minimization and its crucial role in enhancing security, privacy, and reducing risk.

October 19, 2023

Learn more