On March 25, 2022, President Joe Biden and European Commission President Ursula von der Leyen announced that the U.S. and the EU have reached a principal political agreement over the new Trans-Atlantic Data Privacy Framework, an agreement concerning the cross-border transfer of personal user data. Unofficially referred to as “Privacy Shield 2.0,” this agreement comes two years after the Schrems II judgement famously halted the EU/U.S. Privacy Shield program, due to the limitations and U.S. domestic laws surrounding the transfer of information and monitoring of personal data flows. In the foreseeable future, this agreement will enable the newly established framework to allow for personal data to flow from the U.S. to the EU both freely and safely.
Under this framework, a new set of rules as well as a varying degree of legal safeguards will limit some U.S. intelligence authorities’ overall access to personal user data, contingencies set in place to protect overall national security. Additionally, a two-tier redress system will eventually be established to compile, investigate and resolve ongoing issues or complaints brought up by residents of the EU who may be concerned about access to their personal data, a system which will require the procurement of a Data Protection Review Court. Moreover, this framework for data protection will include obligations for companies and businesses wholly reliant on transferring personal data from the EU to the U.S.
“The Privacy Shield Framework in 2020 left a gap in safeguards available for exports of personal data to the U.S., which the Trans-Atlantic Data Privacy Framework is seeking to fill. Unless and until the framework is fully approved and in effect, organizations cannot rely on it to safeguard their data exports to the U.S. Therefore, for now, U.S. and EU organizations will need to continue to work together to put in place alternative safeguards and to carry out transfer impact assessments on their EU-U.S. data exports,” stated Katie Hewson, a data protection and privacy law specialist based out of London, as reported by the Society for Human Resources Management.
Before the new framework can shift from being a political principle to actually influencing global data flows, it must be subject to a series of legislative obstacles, namely EU data transfer checks as well as viability checks to test if the framework can adequately protect the relatively large scope that EU personal data encompasses. Currently, Privacy Shield 2.0 is garnering a significant amount of support politically from both members of the EU and U.S. government. Despite this trans-Atlantic collaboration, businesses and companies should remain wary as more government entities around the world work to develop a growing number of data privacy laws and provisions, only making the future of data protection increasingly more complex to navigate.