EU and US agree on new framework for transatlantic data flows
On 25 March 2022, Joe Biden, President of the United States and Ursula von der Leyen, President of the European Commission announced a political agreement for new a Privacy Shield framework that will promote growth and innovation in Europe and the US and help companies of all sectors and sizes compete in the digital economy.
In his address, President Biden underscored a shared commitment between the EU and US to privacy, data protection and to the rule of law.
This long-awaited agreement comes after years of negotiations following the Schrems II ruling at the Court of Justice of the European Union (CJEU) in July 2020. This ruling invalidated the EU-US Privacy Shield and cast doubt over the legitimacy of other means (standard contractual clauses) to legally transfer personal data from the EU to the US.
This has led to a lengthy period of persistent uncertainty for businesses around what services they can use, as well as increased compliance costs.
The EU and US are key trading partners, with the US Chamber of Commerce suggesting that the data transfer relationship between the US and EU is worth around $7.1 trillion. In fact, global data flows now contribute more to global growth than global trade in goods.
While this political agreement will bring reassurance for the hundreds of businesses relying on transatlantic data flows, a formal legal text will still need to be developed and approved by both sides of the Atlantic. The new agreement will also have to stand the test of scrutiny from privacy and civil liberties groups, if the new agreement is taken back to the CJEU.
As the EU and US make progress on a new agreement, the UK must also build on its ambition to strike a new deal for UK-US data transfers.
Julian David, CEO of techUK, said on today’s announcement:
“We are delighted to hear that an agreement has been reached on a replacement for the Privacy Shield. It has been a long two years of legal uncertainty for companies of all sizes and sectors transferring data for basic business services across the Atlantic. While there are other legal means to transfer personal data, this agreement will be vital for SMEs, who have developed their products and services in compliance with the toughest privacy laws on the planet, but who don’t have capacity or resources for SCCs or BCRs.
The EU and the US are the two top markets for UK tech and the ability to responsibly and easily transfer personal data across the borders is crucial for the sector’s growth and success. This agreement will also provide the transatlantic partners with the framework to work together on safe data flows routes with other like-minded countries, as well as at multilateral level.”
Julian David
Julian David is the CEO of techUK, the leading technology trade association that aims to realise the positive outcomes that digital technology can achieve for people, society, the economy and the planet.
Dani Dhiman
Dani is Policy Manager for Artificial Intelligence & Digital Regulation at techUK, and previously worked on files related to data and privacy. She formerly worked in Vodafone Group's Public Policy & Public Affairs team supporting the organisation’s response to the EU Recovery & Resilience facility, covering the allocation of funds and connectivity policy reforms. Dani has also previously worked as a researcher for Digital Catapult, looking at the AR/VR and creative industry.
Sabina Ciofu
Sabina Ciofu is Associate Director – International, running the International Policy and Trade Programme at techUK.