EU and U.S. agree on basis for new transatlantic data privacy framework

EU and U.S. agree on basis for new transatlantic data privacy framework

The Decision 2016/1250 of the Commission declaring the last agreement between the US and the European Union, known as the “Privacy Shield” for international data transfers, to have an adequate level of data protection was annulled on July 16^th, 2020 by a judgment of the European Court of Justice. Likewise, this “Privacy Shield” agreement replaced the so-called “Safe Harbor“, which was also annulled by the European Court of Justice in 2015.

The reason on which the European Court of Justice based its decision to annul the application of this “Privacy Shield” agreement on international transfers between the US and the EU was that the US did not provide sufficient guarantees to ensure the effective protection of the privacy of user data and an equivalent level of protection that was guaranteed in the EU following the entry into force of the General Data Protection Regulation (“GDPR“).

It is for this reason that from July 16^th, 2020 until the current date, the relationship in terms of data transfers between the North American and European territory has been governed or regulated by the signing of what are known as the “standard clauses“, i.e. standard clauses approved by the European Commission that had to be included in contracts for international data transfers between European organizations and organizations outside the European Economic Area (“EEA”).

It was on July 4^th, 2021 that the European Commission approved the new standard contractual clauses, which comply more fully with the data protection requirements of the GDPR.

Notwithstanding the above, the President of the European Commission has announced that an agreement has been reached with the U.S. government on a new framework for the regulation of transatlantic data transfers, whose main features or highlights will be detailed in this article.

New data protection framework

This new framework/agreement for the transfer of data between both territories will replace the “Privacy Shield” and will establish a new legal framework in this regard that will comply with the guarantees required by the current European regulations on the matter, boosting companies, above all, belonging to the technological and digital sector from the safeguarding and protection of the fundamental rights of North American and European users.

What can we expect from the new Transatlantic Data Privacy Framework?

According to the U.S. government and the European Commission, this new agreement, as well as the future Transatlantic Data Privacy Framework, will enable data transfers in a secure and reliable manner, and will entail a greater alignment of regulations regarding privacy and intelligence activities between the EU and the U.S., committing to:

• Increase and improve the guarantees for users regarding their civil liberties, data protection and other fundamental rights in relation to intelligence activities between the aforementioned territories.
• Implement a complaint mechanism, as well as a compensation mechanism, for users whose data protection rights have been violated, by creating an independent supervisory authority to handle such data protection violations of European and North American users with binding decision-making powers.
• Pay special attention to improving the supervision of intelligence activities, being only allowed in accordance with the achievement of national security objectives and always ensuring that their processing does not disproportionately affect the personal privacy, fundamental rights and civil liberties of users.