This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
| 1 minute read
Reposted from Advertising Law Updates

U.S. and EU Reach Deal on Trans-Atlantic Data Transfers

On Friday, March 25, 2022, U.S. President Joe Biden and European Commission President Ursula von der Leyen announced an “agreement in principle” to ensure the legality of personal data transfers across the Atlantic. The announcement comes as welcome news to many businesses that have been in legal limbo since the European Court of Justice struck down Privacy Shield as a valid transfer agreement in July of 2020.  For example, Meta, Facebook’s parent company, previously stated it might shut down its services in Europe if an agreement could not be struck. Google has also called for a new data transfer framework in the wake of Privacy Shield’s invalidation.

Extensive details of the new agreement are still unknown, though President Biden stated during a press conference that the deal includes “unprecedented protections for data privacy and security for citizens.” The fact sheet released by the White House states that the new framework ensures that:

  • Intelligence collection may be undertaken only where necessary to advance legitimate national security objectives, and must not disproportionately impact the protection of individual privacy and civil liberties;
  • EU individuals may seek redress from a new multi-layer redress mechanism that includes an independent Data Protection Review Court that would consist of individuals chosen from outside the U.S. Government who would have full authority to adjudicate claims and direct remedial measures as needed; and
  • U.S. intelligence agencies will adopt procedures to ensure effective oversight of new privacy and civil liberties standards.

The new framework is likely to face challenges similar to those faced by Privacy Shield and its predecessor, Safe Harbour. Max Schrems, a well-known privacy activist who led the efforts to invalidate both Privacy Shield and Safe Harbour, already took to Twitter on Friday morning to express skepticism around the agreement, tweeting “let’s wait for a text, but my first bet is it will fail again.” The official statement of Schrems’ group, Noyb, warned of its intent to “get any new agreement that does not meet the requirements of EU law back to the CJEU within a matter of months via civil litigation and preliminary injunctions.”     

We will continue to monitor the developments around this news as we await the final text of the new framework and will update accordingly.

Tags

privacy