signzy

API Marketplace

downArrow

Solutions

downArrow

Resources

downArrow

Our Company

downArrow
Book a Demo
laptop
Logo
Responsive
Decorative line
← Back to Glossary

EU-U.S. Data Privacy Framework

European Union / United States

European Union / United States

2023

Privacy

Overview

The EU-U.S. Data Privacy Framework (DPF) was adopted in 2023 to facilitate transatlantic data transfers while ensuring a level of protection for personal data that aligns with EU General Data Protection Regulation (GDPR) standards. It replaces the invalidated Privacy Shield and is designed to address the concerns raised by the Court of Justice of the European Union (CJEU) in the Schrems II decision.
The DPF allows EU businesses to transfer personal data to certified U.S. organizations that commit to a set of privacy principles enforced by the U.S. Department of Commerce and monitored by the Federal Trade Commission (FTC). It includes stronger safeguards on U.S. government surveillance, limits on data access, and a new Data Protection Review Court (DPRC) to handle EU citizen complaints. The framework applies to tech companies, cloud service providers, financial institutions, e-commerce platforms, and any U.S.-based organization handling EU personal data.

Key Obligations

  • U.S. companies must self-certify and commit to DPF privacy principles (notice, choice, access, security, etc.)
  • Provide EU individuals with rights to access, correct, and delete their data
  • Offer independent dispute resolution and respond to complaints within 45 days
  • Cooperate with EU data protection authorities on unresolved complaints
  • Adhere to limitations on data collection and ensure accountability for onward transfers

Stay ahead of risk with Signzy

Explore tools that help you onboard, monitor, and verify with confidence

Identity Verification

Identity Verification

Use facial match and liveness checks paired with government ID verification to validate users while onboarding.

One Touch KYC

One Touch KYC

Launch global KYC flows with built-in document OCR, liveness checks, deepfake detection, and AML, all through a single, customizable dashboard.

Bank Account Verification

Bank Account Verification

Instantly verify bank account details to confirm account ownership and validity for secure financial transactions.

Related Regulations

Decorative icon
GDPR Data Protection Regulation

Decorative icon
EU-U.S. Data Privacy Framework

Decorative icon
EU Data Act Regulation

FAQ

What is the purpose of the Data Privacy Framework?

It enables the lawful transfer of personal data from the EU to certified U.S. entities, while upholding GDPR-level protections.

Is participation in the DPF mandatory for U.S. companies?

No. U.S. companies voluntarily certify to the framework to receive EU personal data under compliant conditions.

How is the framework enforced?

The FTC enforces compliance, and certified organizations are subject to oversight and penalties for violations.

What rights do EU individuals have under the DPF?

They can access, correct, delete, and lodge complaints about their data use, including access to a binding arbitration mechanism and the Data Protection Review Court.