Since the most recent mechanism to ensure “safe” data transfers between the European Union and United States was rescinded, companies on both sides of the Atlantic have hoped a viable replacement would come into force quickly to provide the same level of legal assurance.
Fortunately, momentum is gathering toward a new standard.
The July 2020 ruling by the Court of Justice of the European Union (CJEU) to invalidate the Privacy Shield placed companies at increased risk of violating the EU’s General Data Protection Regulation (GDPR) when transferring data between the two regions. This is because U.S. surveillance laws allow excessive access to EU citizens’ personal data for national security reasons.
In the aftermath of the ruling, standard contractual clauses (SCCs) and binding corporate rules (BCRs) gained popularity as alternatives for enabling transatlantic data flows. But neither mechanism provides the cover of the Privacy Shield, meaning businesses have viewed a new agreement between the European Union and United States as necessary.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec.
Trial Membership
First week free, then $499 for an annual Membership
Cancel anytime within the trial period.
Annual Membership best value
Subscribe now for $365
Our lowest price ($1 per day) for one year.
The European Commission announced it adopted a new agreement with the United States to allow for transatlantic data flows without fear of violating the European Union’s General Data Protection Regulation.
Meta and other Big Tech firms will soon learn if they might be prevented from transferring the personal data of European citizens to the United States in the way they do now.
The government office for national statistics in Portugal was assessed a fine of €4.3 million (U.S. $4.6 million) by the country’s data protection authority for multiple violations of the General Data Protection Regulation that occurred during its 2021 census work.
The Dubai International Financial Centre announced the California Consumer Privacy Act passes muster, allowing compliant California businesses to be the first permitted to transfer data with the DIFC without additional contractual measures.
The European Commission might have given a green light to the latest mechanism to allow safe data transfers between the European Union and the United States, but experts have mixed views regarding how long it will last and whether it is even legal.
The former chief privacy officer at Grindr is suing the company behind the LGBTQ dating app for wrongful termination regarding alleged privacy violations he raised that new management ignored.
