Last updated on October 4, 2025
NO — Since the EU–U.S. Data Privacy Framework adequacy decision, personal data can flow to participating U.S. companies without additional safeguards, but only if the U.S. recipient participates in the Framework and the transfer meets the Framework’s conditions. If a U.S. company does not participate in the Framework (or if the transfer doesn’t meet the Framework rules), exporters still need to rely on other lawful transfer mechanisms (e.g., standard contractual clauses, derogations). You cannot assume a blind free flow of EU personal data to every U.S. entity—use the Framework only where it explicitly applies.
https://ec.europa.eu/commission/presscorner/api/files/document/print/en/ip_23_3721/IP_23_3721_EN.pdf
7/10/2023