One Step Forward: The EU and US agree to a Data Transfer Framework, but Many Questions Remain
U.S. President Biden and European Commission President Ursula von der Leyen announced that the U.S. and EU had settled on an agreement in principal for a new trans-Atlantic data transfer pact, allaying the fears of many multinational companies that they would be forced to cut off data flows. (FACT SHEET: United States and European Commission Announce Trans-Atlantic Data Privacy Framework | The White House) In 2020, the EU Court of Justice struck down the Privacy Shield, a bilateral agreement between the continents allowing data to flow from the EU to the US even though the US had not been deemed an “adequate” location to store EU personal data. (https://www.paulhastings.com/insights/ph-privacy/blog-the-results-are-in-privacy-shield-has-been-declared-invalid-but-the-sccs-remain-valid) At the heart of the case were the EU’s concerns that the US surveillance community was collecting large amounts of EU personal information.
Under the new agreement, whose details need to be hammered out, the US made a number of commitments including:
- Strengthening safeguards against US signals intelligence;
- Developing a mechanism for EU citizens to challenge actions they consider privacy violations; and
- Increasing oversight of US intelligence agencies.
Much work remains to be done, but the two governments seemed to have moved past their previous logjam. Stay tuned for updates from the Paul Hastings Data Privacy and Cybersecurity Group to find out more about the final contours of the agreement and how it might impact your organization.