Third Time’s the Charm? “Privacy Shield 2.0” Emerges as EU Approves New Data Transfer Deal with the United States

Samuel Goldstick
Foley & Lardner LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Foley & Lardner LLP

Nearly three years after the European Union’s (“EU”) high court struck down the EU-U.S. Privacy Shield Framework, the European Commission (the “Commission” or “EC”) adopted an adequacy decision for the EU-U.S. Data Privacy Framework (the “Data Privacy Framework”) on July 10, 2023, stating that the United States ensures a level of data protection equivalent to that of the EU. The decision effectively allows for the safe transfer of personal data from the EU to U.S. companies participating in the Data Privacy Framework without putting additional transfer safeguards in place.

The approval comes as a bit of a surprise, as previously members of the European Parliament and the European Data Protection Board recommended against approving the Data Privacy Framework. Furthermore, NOYB – European Center for Digital Rights founder Max Schrems, who successfully contested the validity of the U.S.-EU Safe Harbor and the EU-U.S. Privacy Shield frameworks, has vowed to challenge the new framework in court.

U.S. companies will be able to certify their participation in the Data Privacy Framework by committing to comply with a detailed set of privacy obligations. According to the U.S. Department of Commerce, which is charged with administering and monitoring the Data Privacy Framework, the privacy principles and the process to self-certify and recertify annually under this new framework will remain substantively the same as those under the EU-U.S. Privacy Shield Framework.

Companies currently self-certified under the EU-U.S. Privacy Shield Framework will have access to a simplified procedure for self-certification under the EU-U.S. Data Privacy Framework. Like before, the U.S. Federal Trade Commission will enforce U.S. companies’ compliance with the new framework.

According to the Commission, the Data Privacy Framework addresses all concerns raised by the EU’s highest court, including with respect to access to EU data by U.S. intelligence services. European citizens also are offered improved redress mechanisms if their personal data is handled in a manner that infringes on the Data Privacy Framework, including through the newly created Data Protection Review Court. The new framework will be subject to periodic reviews by the EC and representatives of European data protection authorities and competent U.S. authorities.

Further details about the Data Privacy Framework and the certification process are expected to be posted on the U.S. Department of Commerce’s dedicated website for this new framework.

The EC has also released a fact sheet and Questions and Answers containing additional information about this new framework.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Foley & Lardner LLP | Attorney Advertising

Written by:

Foley & Lardner LLP
Foley & Lardner LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Foley & Lardner LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide