On March 25, 2022, the U.S. and European Commission Presidents announced their agreement in principle to the Trans-Atlantic Data Privacy Framework (the "Framework"), that is meant to replace the invalidated EU-U.S. Privacy Shield and foster trans-Atlantic data flows.1
The Framework, when finalized, will re-establish a legal mechanism for transfers of EU personal data to the United States and provide adequate protection of European’s data transferred to the U.S. Under the new Framework, the U.S. will implement additional safeguards to ensure the personal data of EU citizens is safe. The U.S. has made commitments to:
- Strengthen the privacy and civil liberties safeguards governing U.S. signals intelligence activities;
- Establish a new redress mechanism with independent and binding authority; and
- Enhance its existing rigorous and layered oversight of signals intelligence activities.2
In a statement released by the European Data Protection Board ("EDPB"), the EDPB stated that the Framework is a positive first step but that they will continue to examine how this political agreement will translate into concrete legal proposals that addresses the concerns raised by the Court of Justice of the European Union in the Schrems II decision.3
The announcement arrives on the heels of decisions from Austria and France invalidating the use of Google Analytics due to inadequate protections for the transfer of EU personal data to the U.S. These recent decisions highlight the need for an appropriate framework for data processing and transmission of data between the U.S. and the EU.
Proofpoint and other U.S. companies will be eagerly awaiting as the agreement in principle is translated into legal documents.
© 2022. All rights reserved. The content on this site is intended for informational purposes only.
Last updated November 01, 2022.