The European Commission has approved the EU-US Data Privacy Framework, which states that the United States will ensure an adequate level of protection, comparable to that of the European Union for personal data transferred from the EU to U.S. companies. This agreement allows personal data of European citizens, to "flow safely" to U.S. companies, without the need for additional data protection safeguards.
Brussels has obtained the limitation of access to its citizens' data by U.S. intelligence services to what is "necessary and proportionate," and among the key points of the new agreement is the establishment of an"independent and impartial" data protection review tribunal to which EU citizens will have access.
The GDPR provides that the European Commission can decide that a third country, in this case the United States, guarantees an adequate level of protection for personal data, comparable to that offered by the European Union. As I have repeatedly argued this was just a regulatory trade war; there was no real reason why data on a European server was safer than data on a server located in the U.S. or Canada.
This agreement represents the third attempt to establish a secure system of information exchange. Safe Harbour, a program criticized by the EU Court of Justice in 2015, came into effect in 2000. The European Union and the United States sought a solution through the Privacy Shield, a new agreement on the subject in 2016 but also rejected by the EU High Court.