The Biden Administration and the European Commission have taken steps toward establishing a new mechanism in support of cross-border data flows from the EU to the U.S., known as the Trans-Atlantic Data Privacy Framework. Here are the next steps for organizations seeking to transfer EU personal data to the U.S.
The EU and US have reached an agreement in principle on a Privacy Shield replacement, but details of the data transfer deal are not yet available to the public.
It appears that for some, including the biggest names in tech, the possibility of pulling out of Europe over the new Schrems data transfer requirements is not entirely off the table.
In the well-reported cases of both TikTok and Privacy Shield, governments took decisive action to protect their residents from potential abuse by other governments. These cases present businesses with steps they can take to adjust to the evolving environment.
Following the Schrems II ruling and invalidation of the US-EU Privacy Shield, the Council of Europe has said that intelligence services need to stop spying on individuals’ digital communications.
There was some question as to whether Schrems II would extend to the similar Swiss-US Privacy Shield agreement, and that question has now been answered.
Max Schrems, chairperson of noyb, has directed his organization to file over 100 privacy complaints against major businesses engaging in data transfers with the US.
Without serious privacy reform and a federal law in the US, it may not be possible to draft a Privacy Shield framework that survives another round in the EU court system.