The recent news of an agreement on data transfers between the US and EU comes at a time of great scrutiny and instability. Businesses owners have justifiable questions about how this framework affects their data privacy policy, which is why we've summed up our thoughts on the new US-EU Trans-Atlantic Data Privacy Framework below:
- On March 25, European Commissioner for Justice Didier Reynders and U.S. Secretary of Commerce Gina Raimondo announced in a joint statement that negotiations on an enhanced EU-U.S. Privacy Shield framework would intensify.
- Since the Court of Justice of the European Union invalidated the previous EU-U.S. Privacy Shield framework in the Schrems II judgment in July 2020, negotiators from the U.S. and the EU have been working toward a much-needed new framework.
- Until then, Privacy Shield provided a streamlined, practical way for companies – particularly small and medium-sized businesses – to move data in compliance with the EU’s General Data Protection Regulation.
- But while the U.S. and the EU emphasized in a joint statement their shared commitment to facilitating protected, trusted data flows across the Atlantic and the need for a framework to support them, significant work remains to find a solution that meets the requirements of the Schrems decision.
- Those involved have not made the timeline for reaching this agreement public.
- Until then, companies will still need to rely on Standard Contractual Clauses to support the lawful movement of data across the Atlantic. The European Data Protection Board has issued detailed guidance about what is required of companies that use them.
If you have further questions about this, please schedule a free consultation with Achieved Compliance.