Articles

11Oct

U.S.-EU Data Transfer Deal Close to Finish Line

The President just signed an executive order on government surveillance that should pave the way to an operable trans-Atlantic data transfer deal with the European Union (EU) by spring 2023.

The prior deal, the U.S.-EU Privacy Shield, was struck down by a European court in March 2020 in the Schrems II case.

Insights and analytics companies that retained their self-certification, like through the Insights Association’s Privacy Shield program, should be able to transition quickly to the new data framework once it comes to fruition. The IA Privacy Shield Program is a benefit exclusive to company members and corporate research department members, since IA serves as an Independent Recourse Mechanism (IRM), a required component of the program.

The White House’s October 7, 2022 Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities directs “steps that the United States will take to implement the U.S. commitments under the European Union-U.S. Data Privacy Framework (EU-U.S. DPF) announced by President Biden and European Commission President von der Leyen in March of 2022.” It aims to "restore an important legal basis for transatlantic data flows by addressing concerns that the Court of Justice of the European Union raised in striking down the prior EU-U.S. Privacy Shield framework as a valid data transfer mechanism under EU law."

Welcoming “significant improvements compared to the Privacy Shield,” the European Commission announced it would move to adopt an "adequacy decision" under the EU General Data Protection Regulation (GDPR) for the framework. As the Commission explained:

The adoption procedure for an adequacy decision consists of different steps: obtaining an opinion from the European Data Protection Board (EDPB) and the green light from a committee composed of representatives of the EU Member States. In addition, the European Parliament has a right of scrutiny over adequacy decisions. Only after that, the European Commission can adopt the final adequacy decision in relation to the US. From that moment on, data will be able to flow freely and safely between the EU and US companies certified by the Department of Commerce under the new framework. US companies will be able to join the framework by committing to comply with a detailed set of privacy obligations.

IAPP also shared an infographic in March mapping the process.

Nothing is yet set in stone, of course. Privacy Shield was struck down by the courts several years after the preceding Safe Harbor was similarly invalidated. As soon as the Biden Administration's executive order was announced, a leading EU activist group warned it was “likely still insufficient to protect Europeans’ privacy and personal data when it crosses the Atlantic.” Such activist groups probably are already preparing their new opposition briefs for court.

However, the Insights Association remains optimistic.

"IA members who have maintained their U.S. Privacy Shield enrollment throughout the last few chaotic years are looking forward to resolving the critical U.S.-EU concerns that invalidated the framework in 2020," commented Juliana Wood, IA Director of Certifications.

IA company and department members interested in Privacy Shield and the new EU-U.S. Data Privacy Framework should contact Juliana Wood.

This information is not intended and should not be construed as or substituted for legal advice. It is provided for informational purposes only. It is advisable to consult with private counsel on the precise scope and interpretation of any laws/regulation/legislation and their impact on your particular business.

About the Author

Howard Fienberg

Howard Fienberg

Based in Washington, DC, Howard is the Insights Association's lobbyist for the marketing research and data analytics industry, focusing primarily on consumer privacy and data security, the Telephone Consumer Protection Act (TCPA), tort reform, and the funding and integrity of the decennial Census and the American Community Survey (ACS). Howard has more than two decades of public policy experience. Before the Insights Association, he worked in Congress as senior legislative staffer for then-Representatives Christopher Cox (CA-48) and Cliff Stearns (FL-06). He also served more than four years with a science policy think tank, working to improve the understanding of scientific and social research and methodology among journalists and policymakers. Howard is also co-director of The Census Project, a 900+ member coalition in support of a fair and accurate Census and ACS. He has also served previously on the Board of Directors for the National Institute for Lobbying and Ethics and and the Association of Government Relations Professionals. Howard has an MA International Relations from the University of Essex in England and a BA Honors Political Studies from Trent University in Canada, and has obtained the Certified Association Executive (CAE), Professional Lobbying Certificate (PLC) and the Public Policy Certificate (PPC). When not running advocacy for the Insights Association, Howard enjoys hockey, NFL football, sci-fi and horror movies, playing with his dog, and spending time with family and friends.

Related

Michigan Personal Data Privacy Act - S.B. 1182

Michigan Personal Data Privacy Act - S.B. 1182

The Michigan Personal Data Privacy Act (S.B. 1182) is comprehensive privacy legislation with similar...

Read More >
Michigan Consumer Privacy Act - H.B. 5989

Michigan Consumer Privacy Act - H.B. 5989

The Michigan Consumer Privacy Act (H.B. 5989) is comprehensive state data privacy legislation modele...

Read More >
Warner Proposes Cybersecurity Policy Changes for Health Care

Warner Proposes Cybersecurity Policy Changes for Health Care

Sen. Mark Warner (D-VA) is circulating a “policy options document” around DC in search of feedback...

Read More >
New York Child Data Privacy and Protection Act - S. 9563

New York Child Data Privacy and Protection Act - S. 9563

The New York Child Data Privacy and Protection Act (S. 9563) is legislation modeled on a recent Cali...

Read More >
Will Lame Duck Congress Advance a Kids Privacy Bill?

Will Lame Duck Congress Advance a Kids Privacy Bill?

​​​​​​​Senate Commerce Committee Chair Maria Cantwell is pushing to pass a pair of bills aime...

Read More >
Fighting for You: November 2022 Legislative and Regulatory Update

Fighting for You: November 2022 Legislative and Regulatory Update

With American Thanksgiving now in the rearview mirror, let’s look back at the biggest challenges th...

Read More >
Members only Article - Please login to view