The EU-U.S. Data Privacy Framework (DPF) replaced the EU-U.S. Privacy Shield on July 10, 2023:
- Purpose: The DPF is a self-certification program that allows businesses to transfer data between the EU and the US in a way that complies with EU law.
- Enforcement: The U.S. Federal Trade Commission enforces the DPF.
- Certification: US companies must self-certify their compliance with the DPF’s principles. Certification must be renewed annually.
- Data transfers: Data transfers from the EU and EEA to self-certified companies are considered to have adequate protection. Transfers to non-compliant companies, or to companies that have not renewed their certification, require additional safeguards.
- Data exporters: EU and EEA data exporters must verify that a US company’s self-certification is active before transferring data.

The DPF was adopted after the Court of Justice of the European Union (CJEU) invalidated the Privacy Shield in July 2020. The CJEU’s ruling stated that the Privacy Shield did not comply with the EU General Data Protection Regulation (GDPR).