Who doesn't like a good Friday afternoon development — especially if it is not a data breach.

This time, the news came from EU member states as they approved the European Commission's

ADVERTISEMENT

Cassie IAPP Leaderboard - Future-proofing your data, 2025 and beyond

Since reaching a political agreement in March 2022, the trans-Atlantic partners had been working toward putting in place all the elements needed to not only to cement the DPF, but more fundamentally, ensure it would live up to the expectations of privacy professionals, concerned individuals and ultimately — let's face it — judges of the Court of Justice of the European Union. Only time will tell how sustainable the DPF is, how strong buy-in by privacy professionals is, and how satisfied concerned individuals will be.

Regardless, this decision is a strong political signal on at least two accounts. First, it shows the EU-U.S. partnership can still deliver when political will is there despite spicy discussions at times on digital policy and sovereignty postures — remember the deal was announced by European Commission President Ursula von der Leyen and U.S. President Joe Biden themselves. Second, it furthers a notion of reciprocity in the EU approach of adequacy.

On the notion of reciprocity, perhaps the first step was the

Some member states' practices and lack of transparency have raised eyebrows over the years but have not been the subject of scrutiny at a level similar to that of third countries in the context of adequacy discussions. It will be interesting to see whether and how some civil society groups leverage this designation by the U.S. to look under the hood.

Elsewhere:

  • The European Commission just released the European Innovation Scoreboard 2023 and numbers are good. The report captures an improved innovation performance in 25 member states. Top member states innovators are in Denmark, Sweden and Finland with Romania and Bulgaria lagging top of the list.
  • The text for the proposed update refreshed the rules to better combat fraud and improve the functioning of open banking. It also aims to improve consumer rights, by a.o. giving full control to customers over who accesses their data and for what data sharing purpose, standardizing customer data and the technical interfaces, and setting clear liability regimes for data breaches and dispute resolution mechanisms.
  • The next IAPP Data Protection Intensive: UK will run on 28-29 Feb. 2024 The call for proposals is open until 20 Aug. Registration is still open for the Data Protection Intensive: Germany (Munich, 13-14 Sept.) and the Europe Data Protection Congress (Brussels, 15-16 Nov.). Further information is available on the