EU & US Agree New Data Rules To Replace Privacy Shield

“The United States and the European Commission have committed to a new Trans-Atlantic Data Privacy Framework, which will regulate trans-Atlantic data flows and address the concerns raised by the Court of Justice of the European Union when it struck down in 2020 the Commission’s adequacy decision underlying the EU-US Privacy Shield framework,” says the White House Statement. The new agreement brings to an end a long period of legal uncertainty between the two governments.

This is a new framework for cross-border data transfers, providing some much-needed relief for the big technology firms that manage large international cloud data flows, including Meta, Microsoft and Google.

“We have found an agreement in principle on a new framework for trans-Atlantic data flows,” European Commission President Ursula von der Leyen said at a joint press conference with US President Joe Biden recently. “This will enable predictable, trustworthy data flows between the EU and the US, safeguarding privacy and civil liberties.”

The legal uncertainty hanging over EU-US data flows has led European data protection agencies to issue orders against flows of personal data passing via products such as Google Analytics, Google Fonts, Stripe and others. Facebook’s lead EU regulator, the Irish Data Protection Commissioner, has sent a new draft to Meta, in a multi-year complaint related to its EU-US data flows. At least, that is what Meta has been hoping would happen as it sought to delay earlier enforcement.

The detail of what has been agreed in principle by the EU and US, and how exactly the two sides have managed to close the gap between what remain two very differently oriented legal systems, is not clear.

The sustainability of the deal will ultimately depend upon fine detail. Uncertainty over EU-US data transfers extends further back than 2020: a long-standing predecessor agreement, called Safe Harbor, was invalidated by Europe’s top court in 2015 over the same disagreement between EU privacy rights and US surveillance laws. This dynamic means that any replacement deal faces the daunting prospect of fresh legal challenges to test how robust it is when it comes to ensuring that EU citizens’ rights are adequately protected when their data flows to the US.

“We managed to balance security and the right to privacy and data protection,” von der Leyen said. She referred to the new agreement as “balanced and effective” but provided no specifics on what has actually been decided.

EU citizens will now be able to seek redress from a new multi-layer redress mechanism that includes an “independent Data Protection Review Court” that the US administration says would consist of individuals “chosen from outside the US Government who would have full authority to adjudicate claims and direct remedial measures as needed”.

The response from the technology industry to the news of another revived data transfer deal was universally positive. Both Google and Meta, which have been asking recently for the two sides to come up with a viable compromise, were quick to welcome the announcement.

Sources: European Commission, White House, CNBC, TechCrunch, Microsoft, Law360, Lexology
