The recent news of an agreement on data transfers between the US and EU comes at a time of great scrutiny and instability. Businesses owners have justifiable questions about how this framework affects their data privacy policy, which is why we've summed up our thoughts on the deal below:
- On March 25, European Commissioner for Justice Didier Reynders and U.S. Secretary of Commerce Gina Raimondo announced in a joint statement that negotiations on an enhanced EU-U.S. Privacy Shield framework would intensify.
- Negotiators from the U.S. and the EU have been working toward the much needed new framework since the previous EU-U.S. Privacy Shield framework was invalidated by the Court of Justice of the European Union in the Schrems II judgment in July 2020.
- Until then, Privacy Shield provided a streamlined, practical way for companies – particularly small and medium-sized businesses – to move data in compliance with the EU’s General Data Protection Regulation.
- But while the U.S. and the EU emphasized in a joint statement their shared commitment to facilitating protected, trusted data flows across the Atlantic and the need for a framework to support them, significant work remains to find a solution that meets the requirements of the Schrems decision.
- A timeline for when this agreement might be reached has not been made public.
- Until then, companies will still need to rely on Standard Contractual Clauses to support the lawful movement of data across the Atlantic. The European Data Protection Board has issued detailed guidance about what is required of companies that use them.
If you have further questions about this, please schedule a free consultation with Achieved Compliance.