The United States and the European Commission have committed to a new Data Privacy Framework, designed to foster trans-Atlantic data flows and address the concerns raised by the Court of Justice of the European Union when it struck down in 2020 the Commission’s adequacy decision underlying the EU-U.S. Privacy Shield framework.
According to this statement by the White House, the new data privacy framework will provide vital benefits to citizens on both sides of the Atlantic. For EU individuals, the deal includes new, high-standard commitments regarding the protection of personal data. For citizens and companies on both sides of the Atlantic, the deal will enable the continued flow of data that underpins more than $1 trillion in cross-border commerce every year and will enable businesses of all sizes to compete in each other’s markets. It is the culmination of more than a year of detailed negotiations between the EU and the U.S. following the 2020 decision by the Court of Justice of the European Union ruling that the prior EU-U.S. framework, known as Privacy Shield, did not satisfy EU legal requirements.
As discussed in The National Law Review, the new data privacy framework, being referred to as “Privacy Shield 2.0”, would potentially revive the Privacy Shield and allow EU to US data flows for compliant companies. Few details have emerged on the terms of the agreement or how different its terms would be from the original Privacy Shield, which was invalidated after a challenge from privacy activist and lawyer Max Schrems in the “Schrems II” decision. Schrems had also previously successfully challenged the Safe Harbor framework before that, which led to the original Privacy Shield agreement to replace it.
The concern of EU Courts has been the extent of the US government’s surveillance of personal data. Many in Europe are wary of any mechanism that allows data transfers to the US because they believe that the transferred data simply will not be protected from the eyes of the US government. Some European commentators are skeptical of Privacy Shield 2.0 as few details have emerged about how U.S. government surveillance would change to have the regime survive scrutiny in EU courts and a possible Schrems III scenario. What is clear is that the success or failure of the forthcoming Privacy Shield 2.0, will have serious consequences for businesses of all sizes transferring personal data across the Atlantic.
So, what do you think? Is the third time for a new data privacy framework the charm? Please share any comments you might have or if you’d like to know more about a particular topic.
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.