- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By 
Neil Hodge2023-03-03T14:00:00
Since the most recent mechanism to ensure “safe” data transfers between the European Union and United States was rescinded, companies on both sides of the Atlantic have hoped a viable replacement would come into force quickly to provide the same level of legal assurance.
Fortunately, momentum is gathering toward a new standard.
The July 2020 ruling by the Court of Justice of the European Union (CJEU) to invalidate the Privacy Shield placed companies at increased risk of violating the EU’s General Data Protection Regulation (GDPR) when transferring data between the two regions. This is because U.S. surveillance laws allow excessive access to EU citizens’ personal data for national security reasons.
In the aftermath of the ruling, standard contractual clauses (SCCs) and binding corporate rules (BCRs) gained popularity as alternatives for enabling transatlantic data flows. But neither mechanism provides the cover of the Privacy Shield, meaning businesses have viewed a new agreement between the European Union and United States as necessary.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec.
Register for free
Access one free, non-premium article each month.
Complimentary CPE webcasts, resources, and e-Books.
Annual Membership best value
Subscribe now for $365
Our lowest price ($1 per day) for one year.
The European Commission announced it adopted a new agreement with the United States to allow for transatlantic data flows without fear of violating the European Union’s General Data Protection Regulation.
Meta and other Big Tech firms will soon learn if they might be prevented from transferring the personal data of European citizens to the United States in the way they do now.
The government office for national statistics in Portugal was assessed a fine of €4.3 million (U.S. $4.6 million) by the country’s data protection authority for multiple violations of the General Data Protection Regulation that occurred during its 2021 census work.
Big Tech firms might need to rethink their plans to charge users for not selling their personal data for behavioral advertising following a decision by Europe’s primary data regulator.
The California Privacy Protection Agency warned businesses to stop asking for excessive information from consumers who have requested to opt out of having their data collected or who are otherwise exercising their privacy rights under the California Consumer Privacy Act.
The U.S. Department of Transportation is looking to thwart the nation’s 10 largest airlines from monetizing passenger data or selling it to third parties.
