Last week the Biden administration and the European Commission jointly announced a new trans-Atlantic data flow agreement. While no specifics have yet been made public, a recent press release gives the high-level facts of this pivotal economic agreement, which is the product of more than a year's worth of negotiations that will "enable the continued flow of data that underpins more than $1 trillion in cross-border commerce every year" (find our previous articles on cross-border data transfer here, and here). This "agreement in principle" would reinstate a framework to allow the free exchange of data between the United States and the European Union (EU) without violating the General Data Protection Regulation (GDPR).
The previous agreement for trans-Atlantic data flows, called "Privacy Shield" was struck down by the Court of Justice of the EU (CJEU) in 2020. The new agreement will preserve some aspects of the old Privacy Shield, such as the requirement to self-certify with the U.S. Department of Commerce. The "New" Privacy Shield will require the U.S. to implement new safeguards to ensure the surveillance practices of U.S. intelligence are "necessary and proportionate," and will feature a new mechanism for Europeans to seek redress if they are unlawfully targeted by those practices, addressing key reasons for the invalidation of the old Privacy Shield. The final version of the agreement will be subject to the usual approval processes by the U.S. and the EU, including an opinion of the European Data Protection Board (EDPB) on the European Commission's proposal.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
