The European Union (EU) and United States have reached an agreement to establish a new Data Privacy Framework (Framework), which will foster trans-Atlantic data flows.
The new framework will also address the concerns raised by the Court of Justice of the European Union when it struck down in 2020 the Commission’s adequacy decision underlying the EU-U.S. Privacy Shield framework.
Replaces Privacy Shield
In July 2020, Court of Justice for the European Union (CJEU) invalidated the Privacy Shield as it was not valid under the General Data Protection Regulation (GDPR) and did not provide an “adequate level” of privacy protection.
As a result of that decision, the EU-U.S. Privacy Shield Framework is no longer a valid mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States.
New Framework
The proposed framework aims to addresses the CCJEU’s Schrems II decision concerning U.S, law governing signals intelligence activities. Under the Trans-Atlantic Data Privacy Framework, the United States has committed to the following:
- Strengthen the privacy and civil liberties safeguards governing U.S. signals intelligence activities;
- Establish a new redress mechanism with independent and binding authority; and
- Enhance its existing rigorous and layered oversight of signals intelligence activities.
