EU & US Agree New Data Rules To Replace Privacy Shield

Uploaded on 2022-04-13 in GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law

“The United States and the European Commission have committed to a new Trans-Atlantic Data Privacy Framework, which will regulate trans-Atlantic data flows and address the concerns raised by the Court of Justice of the European Union when it struck down in 2020 the Commission’s adequacy decision underlying the EU-US Privacy Shield framework,” says the White House Statement.  The new agreement brings to an end a long period of legal uncertainty between the two governments. 

This is a new framework for cross-border data transfers, providing some much-needed relief for the bigh technology firms who manage large international loud data flows, including Meta, Microsoft and Google.    

“We have found an agreement in principle on a new framework for trans-Atlantic data flows,” European Commission President Ursula von der Leyen said at a joint press conference with US President Joe Biden recently.... This will enable predictable, trustworthy data flows between the EU and the US, safeguarding privacy and civil liberties.”

The legal uncertainty hanging over EU-U.S. data flows has led to European data protection agencies issuing orders against flows of personal data passing via products such as Google Analytics, Google Fonts and Stripe and others. Facebook’s lead EU regulator, the Irish Data Protection Commissioner, has  sent a new draft to Meta, in a multi-year complaint related to its EU-US data flows. At least, that is what  Meta has been hoping would happen as it sought to delay earlier enforcement.

The detail of what has been agreed by the EU and US in principle although how exactly the two sides have managed to close the gap between what remain two very differently oriented legal systems, is not clear.

The sustainability of the deal will ultimately depend upon fine detail and uncertainty over EU-US data transfers  extends further than 2020 when a long -standing predecessor agreement, called Safe Harbor, was invalidated by Europe’s top court in 2015 over the same disagreement between EU privacy rights and US surveillance laws. This dynamic means that any replacement deal faces the daunting prospect of fresh legal challenges to test how robust it is when it comes to ensuring that EU citizens’ rights are adequately protected when their data flows to the US.

“We managed to balance security and the right to privacy and data protection,” von der Leyen said. She referrred to the new  agreement “balanced and effective” but provided no specifics on what has actually been decided.

EU citizens will now be able to seek redress from “a new multi-layer redress mechanism that includes an "independent Data Protection Review Court” that the US administration says would consist of individuals “chosen from outside the US Government who would have full authority to adjudicate claims and direct remedial measures as needed”. 

The response from the technology industry to the news of another revived data transfer deal was universally positive. Both  Google and  Meta has been asking recently for the two sides to come up with a viable compromise, was quick to welcome the announcement.

European Commission:      White House:        CNBC:     Techcrunch:      Microsoft:     Law360:    Lexology:  

You Might Also Read: 

Who Do You Trust With Your Personal Data?:
 

« Cyber Criminals Volunteer For War In Ukraine
What Can The Healthcare Sector Learn From 2021’s Threat Landscape? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

IT GRC Forum

IT GRC Forum

The IT GRC Forum is an online resource and networking platform for the Governance, Risk Management, and Compliance (GRC) community

TNO Cyber Security Lab

TNO Cyber Security Lab

TNO Cyber Security Lab is a dedicated facility for innovative and experimental research with the goal of a safe and resilient cyberspace.

Cyber Security Centre - University of Hertfordshire

Cyber Security Centre - University of Hertfordshire

The Cyber Security Centre provides training, teaching and research in the fast paced topics of cyber security and digital forensics.

Telefonica Tech

Telefonica Tech

Telefónica Cyber Security Tech is focused on the prevention, detection and appropriate response to security incidents aimed at protecting your digital services.

NetLib Security

NetLib Security

NetLib Security’s powerful, patented data security platform helps companies control data loss prevention (DLP) by managing what data can be transferred outside of their network.

RIPS Technologies

RIPS Technologies

RIPS Technologies delivers automated security analysis for PHP applications as platform independent software or highly scalable cloud service.

Alyne

Alyne

Alyne is a Munich based 2B RegTech offering organisations risk insight capabilities through a Software as a Service.

Crosser

Crosser

The Crosser Platform enables real-time processing of streaming or batch data for Industrial IoT, Data Transformation, Analytics, Automation and Integration.

IoT M2M Council (IMC)

IoT M2M Council (IMC)

The IMC is the largest and fastest-growing trade organisation in the IoT/M2M sector.

American Cybersecurity Institute

American Cybersecurity Institute

American cybersecurity Institute is a newly formed not-for-profit organization dedicated to education, advocacy, study and analysis in the space of cybersecurity law and policy.

Consensys

Consensys

ConsenSys is a global blockchain company. We develop enterprise applications, invest in startups, build developer tools, and offer blockchain education.

Dutch Innovation Park

Dutch Innovation Park

Dutch Innovation Park in Zoetermeer is a breeding ground for applied IT solutions in the field of cyber security, e-health, smart mobility and big data.

Cyber Range Solutions (CRS)

Cyber Range Solutions (CRS)

CRS provides cyber security training and improve security team performance by providing a hyper realistic, virtual training environment.

Jera IT

Jera IT

Jera IT provide fully managed IT support, cybersecurity services, telecoms systems, and IT strategy consultancy to businesses based in Aberdeen and the surrounding area.

at-yet (@-yet)

at-yet (@-yet)

at-yet are an interdisciplinary team of experts. We are all about achieving results, whatever the situation – an acute incident, risk minimisation, safeguarding or data protection.

Backblaze

Backblaze

The Backblaze Storage Cloud provides a foundation for businesses, developers, IT professionals, and individuals to build applications, host content, manage media, back up and archive data, and more.