Privacy Shield 2.0? – European Union and United States reach agreement in principle on a Trans-Atlantic Data Privacy Framework
21/04/2022

On 25 March 2022, the European Commission and the United States announced in various statements that they have reached an agreement in principle on a new Trans-Atlantic Data Privacy Framework. The statements from the EU Commission can be found here, here and here; the statement from the US White House can be found here.

This agreement should overcome the concerns raised by the CJEU in the Schrems II judgment, where the CJEU invalidated the EU-US Privacy Shield and stated that the US did not provide a level of data protection that was “essentially equivalent” to that provided within the EU, as the US law enforcement and intelligence agencies’ level of access to EU personal data was too broad and as EU residents were not provided with any effective legal remedies. The agreement should thus become the new basis to facilitate “predictable and trustworthy data flows” between the EU and the US.

Both the EU Commission and the US have published factsheets summarising the key elements of the agreement. According to these factsheets, the Framework will ensure that:

  • data will be able to flow freely and safely between the EU and certified US companies;
  • a new set of rules and binding safeguards is adopted to limit signals intelligence (i.e. intelligence gathered through the interception of electronic signals) collection and access to EU personal data to what is necessary to advance legitimate national security objectives; US intelligence agencies will adopt procedures to ensure that such collection cannot have a disproportionate impact on the protection of individual privacy and civil liberties;
  • a new two-tier redress mechanism is provided to investigate and resolve complaints by EU individuals concerning accessing of data by US intelligence authorities. EU citizens may seek redress through an independent Data Protection Review Court; and
  • specific monitoring and review mechanisms are adopted by US intelligence agencies to ensure effective oversight of new privacy and civil liberties standards.

The new Privacy Framework will continue to impose strong obligations on US companies processing EU personal data, whereby companies will again need to self-certify their adherence to the EU-US Privacy Shield Principles through the US Department of Commerce.

The text of the deal is not yet available. The agreement will now have to be converted into an adequacy decision on the EU side and an executive order on the US side. Even though the agreement is very much welcomed by the industry, as data flows will be enabled and obstacles will be removed, there is considerable scepticism as to whether this agreement will really overcome the issues arising from the US surveillance laws. The question also remains whether the new agreement will stand firm against a – quite probable – new challenge by Schrems and NOYB.

In the meantime, the lessons from the Schrems II judgment continue to apply. Companies still have to perform data transfer impact assessments if they want to rely on Standard Contractual Clauses as a transfer mechanism for data transfers to the US. For more information, see our previous article.

 

Anneleen Van de Meulebroucke - Counsel

Justine De Meersman - Attorney

Related : Eubelius

[+ http://www.eubelius.com]


Click here to see the ad(s)
All articles European Law

Lastest articles European Law

Priorities of the Belgian Competition Authority for 2022
20/05/2022

On 12 May 2022, the Belgian Competition Authority (the “Authority”) issued its annual communication setting ou...

Priorities of the Belgian Competition Authority for 2022 Read more

REPowerEU and the Energy Market Design – What are the plans of the EU Commission?
20/05/2022

On 18 May 2022, the EU Commission presented a plan to reduce dependence on Russian fossil fuels and fast forward the green...

REPowerEU and the Energy Market Design – What are the plans of the EU Commission? Read more

EU Commission Adopts New Rules for Distribution Agreements: What’s to Come for Distribution Rel...
18/05/2022

On May 10, 2022, the European Commission adopted the new Vertical Block Exemption Regulation (VBER) and accompanying Verti...

EU Commission Adopts New Rules for Distribution Agreements: What’s to Come for Distribution Relationships in the Digital Age? Read more

The EU nears new rules to curb unfair competition from foreign subsidies
16/05/2022

The EU is on course to secure new powers that will enable the Commission to review market-distorting subsidies from outsid...

The EU nears new rules to curb unfair competition from foreign subsidies Read more

LexGO Network