EU & US Agree New Data Rules To Replace Privacy Shield

Uploaded on 2022-04-13 in GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law

“The United States and the European Commission have committed to a new Trans-Atlantic Data Privacy Framework, which will regulate trans-Atlantic data flows and address the concerns raised by the Court of Justice of the European Union when it struck down in 2020 the Commission’s adequacy decision underlying the EU-US Privacy Shield framework,” says the White House Statement.  The new agreement brings to an end a long period of legal uncertainty between the two governments. 

This is a new framework for cross-border data transfers, providing some much-needed relief for the bigh technology firms who manage large international loud data flows, including Meta, Microsoft and Google.    

“We have found an agreement in principle on a new framework for trans-Atlantic data flows,” European Commission President Ursula von der Leyen said at a joint press conference with US President Joe Biden recently.... This will enable predictable, trustworthy data flows between the EU and the US, safeguarding privacy and civil liberties.”

The legal uncertainty hanging over EU-U.S. data flows has led to European data protection agencies issuing orders against flows of personal data passing via products such as Google Analytics, Google Fonts and Stripe and others. Facebook’s lead EU regulator, the Irish Data Protection Commissioner, has  sent a new draft to Meta, in a multi-year complaint related to its EU-US data flows. At least, that is what  Meta has been hoping would happen as it sought to delay earlier enforcement.

The detail of what has been agreed by the EU and US in principle although how exactly the two sides have managed to close the gap between what remain two very differently oriented legal systems, is not clear.

The sustainability of the deal will ultimately depend upon fine detail and uncertainty over EU-US data transfers  extends further than 2020 when a long -standing predecessor agreement, called Safe Harbor, was invalidated by Europe’s top court in 2015 over the same disagreement between EU privacy rights and US surveillance laws. This dynamic means that any replacement deal faces the daunting prospect of fresh legal challenges to test how robust it is when it comes to ensuring that EU citizens’ rights are adequately protected when their data flows to the US.

“We managed to balance security and the right to privacy and data protection,” von der Leyen said. She referrred to the new  agreement “balanced and effective” but provided no specifics on what has actually been decided.

EU citizens will now be able to seek redress from “a new multi-layer redress mechanism that includes an "independent Data Protection Review Court” that the US administration says would consist of individuals “chosen from outside the US Government who would have full authority to adjudicate claims and direct remedial measures as needed”. 

The response from the technology industry to the news of another revived data transfer deal was universally positive. Both  Google and  Meta has been asking recently for the two sides to come up with a viable compromise, was quick to welcome the announcement.

European Commission:      White House:        CNBC:     Techcrunch:      Microsoft:     Law360:    Lexology:  

You Might Also Read: 

Who Do You Trust With Your Personal Data?:
 

« Cyber Criminals Volunteer For War In Ukraine
What Can The Healthcare Sector Learn From 2021’s Threat Landscape? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cypress Semiconductor

Cypress Semiconductor

Cypress is a semiconductor design and manufacturing company providing embedded devices for secure IoT applications.

Engage Black

Engage Black

Engage Black provides solutions for securing and protecting cryptographic keys, data at rest, and data in motion.

Convercent

Convercent

We offer comprehensive and integrated compliance management, reporting, and analytics. A 360-degree view of compliance drives efficiency by aligning initiatives and data into a single dashboard.

ThreatMark

ThreatMark

ThreatMark provides fraud detection solutions for digital banking and payments.

CyberArrow

CyberArrow

CyberArrow (formerly EBDAA) is a consultancy company providing high quality consultancy services in Risk & Compliance and Awareness & Education.

DefCamp

DefCamp

DefCamp is the most important annual conference on Hacking & Information Security in Central Eastern Europe.

Chainalysis

Chainalysis

Chainalysis provides blockchain analysis software to prevent, detect and investigate cryptocurrency money laundering, fraud and compliance violations.

CERT NZ

CERT NZ

CERT NZ supports businesses, organisations and individuals affected by cyber security incidents, and provide trusted and authoritative information and advice.

IAC

IAC

IAC is a specialist Irecruitment consultancy covering Internal Audit, Risk, Controls, Governance, IT Audit, and Cyber Security roles.

IPification

IPification

IPification is a highly secure, credential-less, network-based authentication solution for frictionless user experience on mobile and IoT devices.

Tracepoint

Tracepoint

Tracepoint provide full-service cyber incident response, remediation and recovery solutions for the most time-sensitive situation your company may ever face.

Accurics

Accurics

Accurics enables self-healing cloud native infrastructure by codifying security throughout your development lifecycle.

Tailscale

Tailscale

Tailscale is a VPN service that makes the devices and applications you own accessible anywhere in the world, securely and effortlessly.

Intelligent Technical Solutions (ITS)

Intelligent Technical Solutions (ITS)

We help businesses manage their technology. Intelligent Technical Solutions provide you with the right technical solution, so you can get back to running your business.

Utimaco

Utimaco

UTIMACO develops on-premises and cloud-based hardware security modules, solutions for key management, data protection and identity management as well as data intelligence solutions.

Aegis9

Aegis9

Aegis9 is an Australian owned and sovereign consultancy that specialises in providing tailored security solutions for both public and private sector clients based on their specific needs.