Extract from Tim Rollins’s article “Data Privacy Alert: The US and EU Announce a New Data Privacy Framework”
The US and EU have agreed to a new Trans-Atlantic Data Privacy Framework, marking the beginning of a collaborative approach to resolve the uncertainty created in July 2020, when the Court of Justice of the European Union invalidated the Privacy Shield framework. More data flows between the EU and the US than anywhere else in the world, powering a $7.1 trillion economic relationship.
Overview
Only July 16, 2020, the Court of Justice of the European Union issued the Schrems II ruling in the case of Data Protection Commission v. Facebook Ireland, Ltd., invalidating the basis on which transfers of personal data of European Union citizens were sent to the United States for processing. The Court invalidated the Privacy Shield Framework, which had been in place since 2016, on two grounds: that US surveillance programs were not limited “to what is strictly necessary and proportional” and that EU citizens lacked a means to remedy inappropriate use of their data.
The new Trans-Atlantic Data Privacy Framework addresses these issues to the satisfaction of the European Commission and re-establishes a legal mechanism under which companies can transfer EU personal data to the United States. To reach this agreement, the US has agreed to address both these issues.