What is the purpose of the Data Privacy Framework?

It enables the lawful transfer of personal data from the EU to certified U.S. entities, while upholding GDPR-level protections.

Is participation in the DPF mandatory for U.S. companies?

No. U.S. companies voluntarily certify to the framework to receive EU personal data under compliant conditions.

How is the framework enforced?

The FTC enforces compliance, and certified organizations are subject to oversight and penalties for violations.

What rights do EU individuals have under the DPF?

They can access, correct, delete, and lodge complaints about their data use, including access to a binding arbitration mechanism and the Data Protection Review Court.

EU-U.S. Data Privacy Framework

European Union / United States

2023

Privacy

Overview

The EU-U.S. Data Privacy Framework (DPF) was adopted in 2023 to facilitate transatlantic data transfers while ensuring a level of protection for personal data that aligns with EU General Data Protection Regulation (GDPR) standards. It replaces the invalidated Privacy Shield and is designed to address the concerns raised by the Court of Justice of the European Union (CJEU) in the Schrems II decision.

The DPF allows EU businesses to transfer personal data to certified U.S. organizations that commit to a set of privacy principles enforced by the U.S. Department of Commerce and monitored by the Federal Trade Commission (FTC). It includes stronger safeguards on U.S. government surveillance, limits on data access, and a new Data Protection Review Court (DPRC) to handle EU citizen complaints. The framework applies to tech companies, cloud service providers, financial institutions, e-commerce platforms, and any U.S.-based organization handling EU personal data.

Key Obligations

U.S. companies must self-certify and commit to DPF privacy principles (notice, choice, access, security, etc.)
Provide EU individuals with rights to access, correct, and delete their data
Offer independent dispute resolution and respond to complaints within 45 days

Cooperate with EU data protection authorities on unresolved complaints
Adhere to limitations on data collection and ensure accountability for onward transfers

Stay ahead of risk with Signzy

Explore tools that help you onboard, monitor, and verify with confidence

Identity Verification

Use facial match and liveness checks paired with government ID verification to make sure the person holding the document is the person you're onboarding.

One Touch KYC

Simplify the Know Your Customer (KYC) process with AI and sophisticated fraud detection algorithms to provide a seamless, efficient, and highly secure user verification.

Bank Account Verification

Secure and instant bank account verification to confirm account ownership and validity for seamless financial transactions.

EU-U.S. Data Privacy Framework

European Union / United States

2023

Privacy

Overview

Key Obligations

Stay ahead of risk with Signzy

Identity Verification

One Touch KYC

Bank Account Verification

Related Regulations

GDPR Data Protection Regulation

EU-U.S. Data Privacy Framework

EU Data Act Regulation

FAQ