EU-US Data Privacy Framework: Much Ado About Nothing?

The present paper deals with the recent Decision by the European Commission, defining a new Data Privacy Framework, applicable to transborder data flows from EU companies to US companies. Such a mechanism aims to overcome the case-law of the European Court of Justice on the former data flows systems (Safe Harbor and Privacy Shield). Whilst the substantive principles on data elaboration seem to comply with the EU legal standard - granting an equivalent protection to EU citizens' rights - the procedural guarantees stemming from the DPF could be still inconsistent with the above-mentioned standard. The main question, probably unsolved, regards the ways of redress for individuals whose data are transferred from the EU to a US companies and, then, onward transferred to federal intelligence authorities. One could, in fact, wonder whether the right of access to a judge is guaranteed or not by the DPF. Accordingly, it is quite plausible that the Data Privacy Framework will be brought to the ECJ in order to determine its consistency with GDPR, on the one hand, and the relevant provisions of the European Union Charter of Fundamental Rights, on the other.