EU & US Agree New Data Rules To Replace Privacy Shield

“The United States and the European Commission have committed to a new Trans-Atlantic Data Privacy Framework, which will regulate trans-Atlantic data flows and address the concerns raised by the Court of Justice of the European Union when it struck down in 2020 the Commission’s adequacy decision underlying the EU-US Privacy Shield framework,” says the White House Statement.  The new agreement brings to an end a long period of legal uncertainty between the two governments. 

This is a new framework for cross-border data transfers, providing some much-needed relief for the big technology firms that manage large international cloud data flows, including Meta, Microsoft and Google.

“We have found an agreement in principle on a new framework for trans-Atlantic data flows,” European Commission President Ursula von der Leyen said at a joint press conference with US President Joe Biden recently. “This will enable predictable, trustworthy data flows between the EU and the US, safeguarding privacy and civil liberties.”

The legal uncertainty hanging over EU-US data flows has led European data protection agencies to issue orders against flows of personal data passing via products such as Google Analytics, Google Fonts, Stripe and others. Facebook’s lead EU regulator, the Irish Data Protection Commissioner, has sent a new draft to Meta, in a multi-year complaint related to its EU-US data flows. At least, that is what Meta has been hoping would happen as it sought to delay earlier enforcement.

The detail of what has been agreed by the EU and US in principle, and how exactly the two sides have managed to close the gap between what remain two very differently oriented legal systems, is not clear.

The sustainability of the deal will ultimately depend upon fine detail. Uncertainty over EU-US data transfers extends further back than 2020: a long-standing predecessor agreement, called Safe Harbor, was invalidated by Europe’s top court in 2015 over the same disagreement between EU privacy rights and US surveillance laws. This dynamic means that any replacement deal faces the daunting prospect of fresh legal challenges to test how robust it is when it comes to ensuring that EU citizens’ rights are adequately protected when their data flows to the US.

“We managed to balance security and the right to privacy and data protection,” von der Leyen said. She referred to the new agreement as “balanced and effective” but provided no specifics on what has actually been decided.

EU citizens will now be able to seek redress from “a new multi-layer redress mechanism that includes an independent Data Protection Review Court” that the US administration says would consist of individuals “chosen from outside the US Government who would have full authority to adjudicate claims and direct remedial measures as needed”.

The response from the technology industry to the news of another revived data transfer deal was universally positive. Both Google and Meta, which have been asking recently for the two sides to come up with a viable compromise, were quick to welcome the announcement.

Sources: European Commission; White House; CNBC; TechCrunch; Microsoft; Law360; Lexology
