On 19 July, the EDPB adopted an information note to provide concise and objective details on data transfers to the US after the Data Privacy Framework (DPF) adequacy decision. The note clarifies that transfers based on adequacy decisions do not require supplementary measures. However, transfers not covered by the DPF List need appropriate safeguards like standard data protection clauses or binding corporate rules. The EDPB emphasizes that US national security safeguards apply to all data transfers, irrespective of the transfer tool used. EU individuals can submit complaints to their national data protection authority to utilize the new redress mechanism for national security-related issues.

To recap, on 7 July the European Commission adopted its adequacy decision for the EU-US Data Privacy Framework.