On October 7, 2022, President Biden signed an Executive Order establishing the US's commitments with respect to the Trans-Atlantic Data Privacy Framework. With it, the Administration took a significant step toward establishing a new, more stable data privacy and cybersecurity environment for data transfers between the EU and US. It also fulfilled commitments the US had agreed to in principle as reflected in the March joint US-EU announcement of the Trans-Atlantic Data Privacy Framework. The Framework seeks to address perceived gaps in US surveillance law undercutting data protection rights of individuals in the EU that contributed to the European Court of Justice (CJEU) invalidating two previous data transfer frameworks between the EU and the US: the Safe Harbor framework in 2015 (Schrems I), and its successor, the Privacy Shield Framework in 2020 (Schrems II). The CJEU decisions found that US surveillance law meant that US entities participating in the prior data-transfer frameworks could not provide "adequate" protection for EU personal data as required under the European General Data Protection Regulation (GDPR). For the last two years, companies that exchange data between the EU and the US have faced a great deal of legal uncertainty. The Trans-Atlantic Data Privacy Framework and the EO represent a path toward restoring a legal basis for these economically vital data flows.
To read the full client alert, click here.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.