{"id":4595,"date":"2022-04-05T10:30:19","date_gmt":"2022-04-05T15:30:19","guid":{"rendered":"https:\/\/blogs.luc.edu\/compliance\/?p=4595"},"modified":"2022-04-05T10:30:19","modified_gmt":"2022-04-05T15:30:19","slug":"biden-administration-works-with-the-eu-to-develop-new-data-sharing-agreement","status":"publish","type":"post","link":"https:\/\/blogs.luc.edu\/compliance\/?p=4595","title":{"rendered":"Biden Administration Works with the EU to Develop New Data-Sharing Agreement"},"content":{"rendered":"

Danielle McNamara<\/em><\/span><\/p>\n

Associate Editor<\/em><\/span><\/p>\n

Loyola University Chicago School of Law, JD 2023<\/em><\/span><\/p>\n

After the EU invalidated<\/a> the previous data transfer agreement between the EU and the US in July of 2020, many big tech companies have been left unsure how to keep business flowing from Europe without the ability to store data within the US. To the relief of these companies, the Biden Administration has reached a preliminary agreement for a new deal with the EU. Coined the Trans-Atlantic Data Privacy Framework, this new agreement works to address<\/a> concerns raised by the EU.<\/span><\/p>\n

Previous data-sharing arrangement<\/strong><\/span><\/p>\n

In 2016, the EU and the US had worked out a plan titled Privacy Shield to allow data sharing between the US and Europe. Privacy Shield<\/a> was designed by the US Department of Commerce and the European Commission and Swiss Administration to provide a mechanism to comply with data protection requirements while transferring data from the EU and Switzerland to the US. The arrangement was deemed appropriate to enable data transfers under EU law on July 12, 2016, and on January 12, 2017 in Switzerland.<\/span><\/p>\n

However, on July 16, 2020, the Court of Justice of the European Union issued a judgment declaring the EU\u2019s 2016 decision invalid for failing to adequately protect Europeans\u2019 data. This decision marks the second time in the recent past that the EU Court of Justice has deemed US safeguards<\/a> on Europeans\u2019 data insufficient citing its failure to provide effective means to challenge surveillance of their data by the US government while in the US.\u00a0 Following suit just two months later, the Federal Data Protection and Information Commissioner (\u201cFDPIC\u201d) of Switzerland likewise concluded that the Privacy Shield Framework did not provide adequate levels of protection for data transfers from Switzerland to the US.<\/span><\/p>\n

US tech companies struggle to move data across boarders<\/strong><\/span><\/p>\n

Without an agreement allowing data-sharing from Europe to the US, companies like Meta and Google have faced legal challenges while attempting to effectively transfer data. Specifically, these companies have faced uncertainty<\/a> with their ability to use US-based data centers to measure their website traffic, sell online ads, or run company payroll in Europe. In a recent annual report, Meta said it is considering shutting down<\/a> Facebook and Instagram in Europe altogether if it can no longer transfer user data back to the US. Meta emphasized that many businesses, services, and organizations rely on data transfers between the EU and the US to operate global services.<\/span><\/p>\n

What is the Trans-Atlantic Data Privacy Framework? <\/strong><\/span><\/p>\n

In late March 2022, the US and EU announced that they have reached a preliminary agreement for a new data transfer deal. The deal, deemed the Trans-Atlantic Data Privacy Framework, <\/a>aims to address concerns the EU Court of Justice raised in its July 2020 judgment declaring Privacy Shield inadequate. Specifically, the Framework plans to establish an appeals process for EU individuals. This will be done through an independent Data Protection Review Court. The Court will have binding authority to adjudicate claims and impose regulations.<\/span><\/p>\n

According to a statement<\/a> released by the White House Administration, the new framework aims to \u201cstrengthen the privacy and civil liberties protections applicable to US signals intelligence activities.\u201d President Biden has stated<\/a> that the new deal will emphasize commitment to privacy and \u201conce again authorize trans-Atlantic data flows that help facilitate $7.1 trillion in economic relations with the EU.\u201d<\/span><\/p>\n

Relief and reservations following the announcement<\/strong><\/span><\/p>\n

Expectedly, representatives of big tech companies like Meta are thrilled with the news of the preliminary agreement. Nick Clegg, president of global affairs at Meta stated<\/a> the framework was an important step toward providing certainty for companies that rely on transferring data quickly and safely between American and Europe. Moreover, Victoria Espinel, president and CEO of the software industry trade group BSA, emphasized<\/a> that the movement of data freely and securely will help to support the technical transformation of thousands of businesses in Europe and the United States.<\/span><\/p>\n

However, others are hesitant as to whether the new framework will provide adequate protection. Particularly, Australian privacy campaigner Max Schrems, an activist in the group Noyb, has led efforts to get the data-transfer agreement invalidated. He said in a statement<\/a> that if it is discovered the deal is not in line with EU law, his activist group or another would likely challenge it. Schrems has notably disapproved of the way corporations like Meta have gone about data transfers, suing<\/a> Facebook in 2014 over its data collection methods.\u00a0<\/span><\/p>\n

Status of the deal<\/strong><\/span><\/p>\n

As of now, the Trans-Atlantic Data Privacy Framework still needs to be translated into a legal document approved by both the US and the EU. According to a fact sheet<\/a> released by The White House, the US commitments to the deal will be included in an Executive Order, forming the basis of the Commission\u2019s assessment of the deal\u2019s adequacy. While many are hopeful that the deal will gain approval, others are unsure whether the remedies proposed will be sufficient to gain the approval of the EU.<\/span><\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

After the EU invalidated the previous data transfer agreement between the EU and the US in July of 2020, many big tech companies have been left unsure how to keep business flowing from Europe without the ability to store data within the US. To the relief of these companies, the Biden Administration has reached a preliminary agreement for a new deal with the EU. Coined the Trans-Atlantic Data Privacy Framework, this new agreement works to address concerns raised by the EU.<\/p>\n","protected":false},"author":97,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1152,1205,1623,1690],"class_list":["post-4595","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-international-affairs","tag-journal-of-regulatory-compliance","tag-cybersecurity","tag-regulation"],"_links":{"self":[{"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/posts\/4595","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/users\/97"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4595"}],"version-history":[{"count":0,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/posts\/4595\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4595"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4595"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4595"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}