Privacy Shield 2.0: EU and U.S. agree to a new data transfer deal
After more than a year, the European Union and the United States have reached an agreement "in principle" on a new framework for cross-border data transfers. Read about it here.
After more than a year, the European Union and the United States have reached an agreement "in principle" on a new framework for cross-border data transfers, providing much-needed relief to tech behemoths such as Meta and Google, since this means that data transfers for online businesses to the U.S. will be simplified.
In a joint press conference with U.S. President Joe Biden, European Commission President Ursula von der Leyen announced that the European Union has reached an agreement in principle with the United States on a resurrected trans-Atlantic data flows agreement, potentially signaling an end to the many months of legal uncertainty that have dogged cloud services since a landmark court ruling in July 2020 that struck down the EU-U.S. Privacy Shield.
Von der Leyen said the new agreement “will enable predictable and trustworthy data flows between the EU and the U.S., safeguarding privacy and civil liberties,” without going into much detail about how it will work. Since the sustainability of the deal will hinge on the details of the agreement, very little can be understood from today’s announcement beyond the political gesture.
Pleased that we found an agreement in principle on a new framework for transatlantic data flows.— Ursula von der Leyen (@vonderleyen) March 25, 2022
It will enable predictable and trustworthy 🇪🇺🇺🇸 data flows, balancing security, the right to privacy and data protection.
This is another step in strengthening our partnership. pic.twitter.com/7Y0wslR7Go
Biden stated that by reaching a new agreement, the United States and the European Union are finding new ways to bind their economies closer together. The framework, according to the US president, demonstrates the two countries' shared commitment to privacy, data protection, and the rule of law.
The dispute stems from a complaint filed nearly a decade ago by Austrian lawyer and privacy activist Max Schrems, who was concerned about how Facebook handled his data in light of revelations about U.S. government cybersnooping from a former U.S. National Security Agency contractor.
Along the way, the CJEU ruled that the Privacy Shield agreement covering transatlantic data transfers was invalid because it did not meet the EU's stringent data privacy standards. As a result, European data protection authorities issued orders limiting the flow of personal data through products such as Google Analytics, Google Fonts, and Stripe, among others.
This legal dispute raised the possibility that Facebook would have to revamp its data centers in order to keep European data out of the United States.
The new agreement “will help keep people connected and services running,” Facebook head of global affairs Nick Clegg tweeted. “It will provide invaluable certainty for American & European companies of all sizes, including Meta, who rely on transferring data quickly and safely.”
The work on reaching the agreement was praised by Google as the EU and U.S. recommit to “safeguard transatlantic data transfers.”
Schrems, also the privacy lawyer and campaigner whose name has become synonymous with striking down trans-Atlantic data transfer deals (aka Schrems I and Schrems II Decision), quickly expressed his skepticism. See more on the EDPB Schrems II.
“Customers and businesses face more years of legal uncertainty,” he said, responding to von der Leyen’s announcement, saying it could get tied up in the courts because his Vienna-based group NOYB would analyze it in depth and challenge anything that’s not in line with EU law.
He further tweeted: “Seems we do another Privacy Shield especially in one respect: Politics over law and fundamental rights. This failed twice before. What we heard is another ‘patchwork’ approach but no substantial reform on the U.S. side. Let’s wait for a text but my [first] bet is it will fail again.”
Easy Steps to Achieve CCPA and CPRA Compliance for Your Shopify Store
As an e-commerce business owner, it is crucial to understand the significance of data privacy and the impact of privacy laws on your Shopify store. Your online store likely collects personal information for processing, making data protection laws applicable to you. In this article, you'll learn what Shopify store owners need to do for CCPA and CPRA compliance.
Understanding PIPEDA Requirements: A Comprehensive Guide to Privacy Laws in Canada
The purpose of this article is to provide an overview of PIPEDA, including its scope, requirements, exceptions, enforcement, and penalties. This article is intended to be a helpful resource for organizations seeking to comply with PIPEDA and protect the privacy of individuals whose personal information they collect, use, or disclose.
- Canada PIPEDA
What Is PIPEDA and How Does It Affect Your Business?
In this blog post, we will explore what PIPEDA is, who it applies to, and what personal data it protects. We will also examine the fair information principles of PIPEDA, the role of the Office of the Privacy Commissioner of Canada, and how PIPEDA compares with other privacy laws around the world, such as the EU's General Data Protection Regulation (GDPR).
- Canada PIPEDA