EU & US Agree New Data Rules To Replace Privacy Shield

Uploaded on 2022-04-13 in GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law

“The United States and the European Commission have committed to a new Trans-Atlantic Data Privacy Framework, which will regulate trans-Atlantic data flows and address the concerns raised by the Court of Justice of the European Union when it struck down in 2020 the Commission’s adequacy decision underlying the EU-US Privacy Shield framework,” says the White House Statement.  The new agreement brings to an end a long period of legal uncertainty between the two governments. 

This is a new framework for cross-border data transfers, providing some much-needed relief for the bigh technology firms who manage large international loud data flows, including Meta, Microsoft and Google.    

“We have found an agreement in principle on a new framework for trans-Atlantic data flows,” European Commission President Ursula von der Leyen said at a joint press conference with US President Joe Biden recently.... This will enable predictable, trustworthy data flows between the EU and the US, safeguarding privacy and civil liberties.”

The legal uncertainty hanging over EU-U.S. data flows has led to European data protection agencies issuing orders against flows of personal data passing via products such as Google Analytics, Google Fonts and Stripe and others. Facebook’s lead EU regulator, the Irish Data Protection Commissioner, has  sent a new draft to Meta, in a multi-year complaint related to its EU-US data flows. At least, that is what  Meta has been hoping would happen as it sought to delay earlier enforcement.

The detail of what has been agreed by the EU and US in principle although how exactly the two sides have managed to close the gap between what remain two very differently oriented legal systems, is not clear.

The sustainability of the deal will ultimately depend upon fine detail and uncertainty over EU-US data transfers  extends further than 2020 when a long -standing predecessor agreement, called Safe Harbor, was invalidated by Europe’s top court in 2015 over the same disagreement between EU privacy rights and US surveillance laws. This dynamic means that any replacement deal faces the daunting prospect of fresh legal challenges to test how robust it is when it comes to ensuring that EU citizens’ rights are adequately protected when their data flows to the US.

“We managed to balance security and the right to privacy and data protection,” von der Leyen said. She referrred to the new  agreement “balanced and effective” but provided no specifics on what has actually been decided.

EU citizens will now be able to seek redress from “a new multi-layer redress mechanism that includes an "independent Data Protection Review Court” that the US administration says would consist of individuals “chosen from outside the US Government who would have full authority to adjudicate claims and direct remedial measures as needed”. 

The response from the technology industry to the news of another revived data transfer deal was universally positive. Both  Google and  Meta has been asking recently for the two sides to come up with a viable compromise, was quick to welcome the announcement.

European Commission:      White House:        CNBC:     Techcrunch:      Microsoft:     Law360:    Lexology:  

You Might Also Read: 

Who Do You Trust With Your Personal Data?:
 

« Cyber Criminals Volunteer For War In Ukraine
What Can The Healthcare Sector Learn From 2021’s Threat Landscape? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Infiltrate

Infiltrate

INFILTRATE is a deep technical conference that focuses entirely on offensive security issues.

Government Communications Headquarters (GCHQ)

Government Communications Headquarters (GCHQ)

GCHQ defends Government systems from cyber threat, provide support to the Armed Forces and strive to keep the public safe, in real life and online.

Identity Automation

Identity Automation

Identity Automation is a leading provider of Identity and Access Management software.

InnoSec

InnoSec

InnoSec is a software manufacturer of cyber risk management technology.

FileWave

FileWave

FileWave offers a single solution for managing apps, devices, and more for Mac, Windows, and mobile devices.

Yelbridges

Yelbridges

Yelbridges is your reliable partner in all fields of IT-Security, from developing of Security Policies and Guidelines to the design and implementation of secure processes.

Cyber Physical Security Research Center (CPSEC)

Cyber Physical Security Research Center (CPSEC)

CPSEC aims to contribute to the security enhancement of industrial infrastructure that creates value across cyber space and physical space.

ICT Reverse

ICT Reverse

ICT Reverse is one of the UK’s leading, fully accredited providers of ICT asset disposal and secure data erasure.

Panorays

Panorays

Panorays automates third-party security lifecycle management. It is a SaaS-based platform, with no installation needed.

Root9B (R9B)

Root9B (R9B)

R9B offers advanced cybersecurity products, services, and training to enhance the way organizations protect their networks.

KnectIQ

KnectIQ

Building Trust Environments in a Zero-Trust World. KnectIQ offers KIQAssure, an Ultra High Security Solution for Data in Flight.

Quside

Quside

Quside, a spin-off from The Institute of Photonic Sciences in Barcelona, designs and manufactures innovative quantum technologies for a wide range of applications including cyber security.

Keysight Technologies

Keysight Technologies

Keysight is dedicated to providing tomorrow’s test technologies today, enabling our customers to connect and secure the world with their innovations.

Silent Circle

Silent Circle

Silent Circle is the leader in end-to-end enterprise solutions for secure mobile communications.

X-Analytics

X-Analytics

X-Analytics is a cyber risk analytics application to create a better way for organizations to understand and manage cyber risk.

Levio

Levio

Levio is a digital native business and technology consulting firm. As a true partner from start to finish, our goal is a long-lasting transformation that’s right for your business model.