On March 25th, U.S. President Joe Biden and European Commission President Ursula von der Leyen announced that the U.S. and EU have reached an agreement in principle for a new Trans-Atlantic Data Privacy Framework.
According to the joint statement of the European Commission and United States, the new framework addresses the legal issues raised by the CJEU’s decision on the Schrems II case and aims to provide safe and secure data flows.
Based on the new framework:
- Data will be able to flow freely and safely between the EU and U.S.;
- A new set of rules and binding safeguards will be imposed to limit the access to the data by U.S. authorities to the extend it is necessary and proportionate to protect national security;
- A Data Protection Review Court will be established to investigate and resolve complaints of Europeans as part of a new two-tier redress system;
- Obligations for U.S. companies on data protection will be strengthened;
- Specific monitoring and review mechanisms will be established.
The agreement hasn’t been translated into legal documents yet and therefore the EU Commission has not taken yet an adequacy decision according to Art. 45 of GDPR. It remains to be seen whether the new framework will provide a durable and reliable legal basis for the data flows between the EU and U.S. as indicated in the joint statement.
As my team and I monitor data protection laws and regulations closely, we’ll keep informing you of further developments in this regard.
Contact Lisa Waldherr to learn more about regulatory watch, an add-on compliance service for cleversoft customers.