Privacy Shield 2.0: EU and U.S. agree to a new data transfer deal
After more than a year, the European Union and the United States have reached an agreement "in principle" on a new framework for cross-border data transfers. Read about it here.
After more than a year, the European Union and the United States have reached an agreement "in principle" on a new framework for cross-border data transfers, providing much-needed relief to tech behemoths such as Meta and Google, since this means that data transfers for online businesses to the U.S. will be simplified.
In a joint press conference with U.S. President Joe Biden, European Commission President Ursula von der Leyen announced that the European Union has reached an agreement in principle with the United States on a resurrected trans-Atlantic data flows agreement, potentially signaling an end to the many months of legal uncertainty that have dogged cloud services since a landmark court ruling in July 2020 that struck down the EU-U.S. Privacy Shield.
Von der Leyen said the new agreement “will enable predictable and trustworthy data flows between the EU and the U.S., safeguarding privacy and civil liberties,” without going into much detail about how it will work. Since the sustainability of the deal will hinge on the details of the agreement, very little can be understood from today’s announcement beyond the political gesture.
Pleased that we found an agreement in principle on a new framework for transatlantic data flows.— Ursula von der Leyen (@vonderleyen) March 25, 2022
It will enable predictable and trustworthy 🇪🇺🇺🇸 data flows, balancing security, the right to privacy and data protection.
This is another step in strengthening our partnership. pic.twitter.com/7Y0wslR7Go
Biden stated that by reaching a new agreement, the United States and the European Union are finding new ways to bind their economies closer together. The framework, according to the US president, demonstrates the two countries' shared commitment to privacy, data protection, and the rule of law.
The dispute stems from a complaint filed nearly a decade ago by Austrian lawyer and privacy activist Max Schrems, who was concerned about how Facebook handled his data in light of revelations about U.S. government cybersnooping from a former U.S. National Security Agency contractor.
Along the way, the CJEU ruled that the Privacy Shield agreement covering transatlantic data transfers was invalid because it did not meet the EU's stringent data privacy standards. As a result, European data protection authorities issued orders limiting the flow of personal data through products such as Google Analytics, Google Fonts, and Stripe, among others.
This legal dispute raised the possibility that Facebook would have to revamp its data centers in order to keep European data out of the United States.
The new agreement “will help keep people connected and services running,” Facebook head of global affairs Nick Clegg tweeted. “It will provide invaluable certainty for American & European companies of all sizes, including Meta, who rely on transferring data quickly and safely.”
The work on reaching the agreement was praised by Google as the EU and U.S. recommit to “safeguard transatlantic data transfers.”
Schrems, also the privacy lawyer and campaigner whose name has become synonymous with striking down trans-Atlantic data transfer deals (aka Schrems I and Schrems II Decision), quickly expressed his skepticism. See more on the EDPB Schrems II.
“Customers and businesses face more years of legal uncertainty,” he said, responding to von der Leyen’s announcement, saying it could get tied up in the courts because his Vienna-based group NOYB would analyze it in depth and challenge anything that’s not in line with EU law.
He further tweeted: “Seems we do another Privacy Shield especially in one respect: Politics over law and fundamental rights. This failed twice before. What we heard is another ‘patchwork’ approach but no substantial reform on the U.S. side. Let’s wait for a text but my [first] bet is it will fail again.”
India's Data Sharing Agreement: A Comprehensive Guide to Data Protection and Non-Disclosure Agreements under India Digital Personal Data Protection Act
Explore the intricacies of data sharing in India, focusing on compliance with the Digital Personal Data Protection Act 2023 (DPDPA). Learn about the importance of Data Sharing Agreements (DSAs) and discover key elements, best practices, and legal considerations for businesses. Ensure responsible and ethical data sharing while mitigating legal risks with this comprehensive guide.
- India DPDPA
Understanding the Colorado Privacy Act (CPA) and Its Implications for Data Privacy
Explore the key provisions of the Colorado Privacy Act (CPA) and learn how businesses can achieve compliance in 2024. Discover the implications, requirements, and consumer rights outlined in this comprehensive privacy legislation, signed by Governor Jared Polis in 2021 and enforced from July 2023.
Understanding the Difference: Clickwrap Agreement vs. Browsewrap Agreement, and Enforceability of Terms and Conditions
Discover the ins and outs of clickwrap and browsewrap agreements in our comprehensive blog post. Learn their impact on user experience, enforceability under data privacy regulations, and how to choose the right agreement for your website. Clickwrap vs. browsewrap compared, including advantages, disadvantages, and crucial legal considerations.
- Data Protection