On March 25, 2022, the United States and European Commission announced that they had reached an agreement on what is called the Trans-Atlantic Data Privacy Framework (the Framework), which would create new legal protections for European Union personal data when it enters the United States.
The agreement is the culmination of almost two years of negotiations between the United States and the European Commission as they attempted to address the Court of Justice of the European Union’s decision in the Schrems II case. That ruling effectively struck down the existing Privacy Shield trans-Atlantic data transfer program due to insufficient redress mechanisms available to European individuals when they felt they had been unlawfully targeted by U.S. surveillance activities.
As we’ve written numerous times in the past, and explored in-depth in an expert roundtable and accompanying report, Privacy Shield served as a vital transfer mechanism for small and medium-sized businesses that wished to comply with the General Data Protection Regulation (GDPR) but did not possess the resources or sophisticated legal departments needed to draft and administer the standard contractual clauses or other more complicated transfer mechanisms. Almost as soon as the Privacy Shield was struck down, we called on stakeholders from both sides to quickly find a new path forward and were active in the intervening time vocalizing the needs of our member companies to the Department of Commerce and other relevant parties.
Today, we write to the Administration to applaud the announcement of the new Framework and to state our willingness to help in any way we can as the agreement is translated into legal text and moved toward implementation.
Read the full letter here.