Thursday, 7 November 2024

Home - General News - The United States and European Commission Announce Trans-Atlantic Data Privacy Framework

The United States and European Commission Announce Trans-Atlantic Data Privacy Framework

On 25 March the US and EU announced an “agreement in principle” on a new legal framework for GDPR-compliant transfers of EU personal data to the United States. The agreement reflects the US commitment to implementing new safeguards designed to address concerns that led to the July 2020 Schrems II decision of the European Court of Justice (ECJ), striking down the EU adequacy decision underpinning Privacy Shield. While the announcement has been widely welcomed, it remains an “agreement in principle”, with details and timing yet to be confirmed. Along with expressions of welcome and relief, initial reactions also included a strong indication that the new arrangements are likely to be challenged by privacy campaigners including Max Schrems and NOYB, describing “Privacy Shield 2.0” as “lipstick on a pig”.

What is likely to change in the new agreement?

The success or failure of the new agreement will depend on the extent to which it overcomes the flaws identified by the ECJ in Schrems II. The ECJ ruled against the EU Commission’s adequacy decision in favor of Privacy Shield, finding that data subjects were inadequately protected against electronic surveillance or “signals intelligence” activities carried out under US Federal authority, and that data subjects impacted by such activities had no viable route to redress.

Privacy Shield 2.0?

It is important to remember that Schrems II did not strike down Privacy Shield, which has continued to operate since July 2020. Rather, the European Court of Justice ruling struck down the EU Commission’s adequacy decision in favor of Privacy Shield. Consequently, a key objective of the new Trans-Atlantic Data Privacy Framework is not to replace Privacy Shield but to revive and enhance it with new mechanisms to address the flaws identified in Schrems II. Participating companies and organizations that take advantage of the Framework to legally protect data flows will continue to be required to adhere to the Privacy Shield Principles, including the requirement to self-certify their adherence to the Principles through the U.S. Department of Commerce.

What is next?

From the EU side, the Commission must follow the procedures and consultation requirements under GDPR Article 45. That process requires:

  • A proposal from the European Commission
  • An opinion of the European Data Protection Board
  • An approval from representatives of EU member states
  • Adoption of the decision by the European Commission.

Direct Publication Source: https://www.natlawreview.com/article/united-states-and-european-commission-announce-trans-atlantic-data-privacy-framework

Comments

You May Like These Too

US Privacy legislation from DC

Chase Hador - 24 Aug 2022

Why experts have hope in the federal privacy bill – even if it doesn’t pass

According to The Record, although Congress looks increasingly unlikely to pass a major bipartisan proposal on federal privacy legislation, experts […]

Sandy Neulane - 22 May 2022

Working from home? Be sure to use these privacy-focused tools

We firmly believe that working outside of a traditional office setting should not compromise your privacy. We have rounded up […]

Sandy Neulane - 22 May 2022

California Privacy Rights Act is Passed – The Significant Changes

California voters had approved Proposition 24, the California Privacy Rights Act, with 56% of voters supporting the measure, in November […]

Categories

Get Latest Updates