The Trans-Atlantic Data Privacy Framework
The United States and the European Commission have committed to a new Trans-Atlantic Data Privacy Framework. This is the third such effort to ensure the free flow of data between the US and the European Union. The previous efforts have been invalidated by the European Court of Justice.
All eyes will be on Maximillian Schrems after the latest effort. His complaints and advocacy led to the invalidation of first the US-EU Safe Harbor Framework and subsequently to the EU-US Privacy Shield. An activist and attorney and someone who cares a lot about privacy, Schrems has reviewed the data privacy protections required under EU law and compared them against the obligations imposed on US businesses by the previous frameworks and found them wanting.
It is certain that Schrems and the non-profit that he founded, NOYB – (meaning “None of Your Business”) European Center for Digital Rights will be carefully reviewing the new Trans-Atlantic Data Privacy Framework.
The European Commission and their American counterparts have also been carefully reviewing the new framework with two objectives in mind: It needs to stand up to the scrutiny from Schrems, NOYB – European Center for Digital Rights, and others, but it also is intended to normalize trans-Atlantic data flows.
The drafters of the framework recognize that the continued flow of data supports more than $1 trillion in cross-border commerce annually. The continued flow of data keeps markets open and competitive. The regular flow of data between the US and European Union helps to maintain the extremely significant economic relationship between the two. They currently have a $7.1 trillion economic relationship.
That is what is at stake. So let’s take a look at what the drafters did to stand up to the scrutiny that will surely be aimed at the new framework. Their approach was to use the Privacy Shield Framework as a starting point and resolve the issues that had been identified as being problematic when the Privacy Shield Framework was invalidated.
Accordingly, per the White House, the United States has committed to:
- Strengthen the privacy and civil liberties safeguards governing US signals intelligence activities
- Establish a new redress mechanism with independent and binding authority
- Enhance its existing rigorous and layered oversight of signals intelligence activities
Specifically, per the White House, the Trans-Atlantic Data Privacy Framework ensures that:
- Signals intelligence collection may be undertaken only where necessary to advance legitimate national security objectives, and must not disproportionately impact the protection of individual privacy and civil liberties
- EU individuals may seek redress from a new multi-layer redress mechanism that includes an independent Data Protection Review Court that would consist of individuals chose from outside the US Government who would have full authority to adjudicate claims and direct remedial measures as needed
- US intelligence agencies will adopt procedures to ensure effective oversight of new privacy and civil liberties standards.
EU data privacy regulation is better developed than US data privacy regulation. Now that companies can more freely transfer data from the EU, they will need to have the proper tools to comply with EU laws such as the General Data Protection Regulation. Thankfully, Clarip has data privacy compliance solutions that companies can use to comply with regulations from either side of the Atlantic. Clarip has automated data subject request fulfillment, automated data mapping, website scanning, consent management, vendor management, and much more. Visit us at www.clarip.com or call us at 1-888-252-5653.
Email Now:
Mike Mango, VP of Sales
mmango@clarip.com
Other Articles on this Topic:
Data Transfers and Adequacy between Non-EU Countries
Cookies & Data Transfers: The Google Analytics decision
The Schrems Decisions: Cross-border Data Transfers
Cross-Border Standard Contractual Clauses after Schrems II