EU and US in talks to solve the data transfer dilemma
The US Department of Commerce and the European Commission have initiated discussions to evaluate the potential for an enhanced EU-US Privacy Shield framework to comply with the 16 July judgement of the Court of Justice of the European Union (CJEU) in the Schrems II case. (See News on 16 July and 28 July) The parties announced on 10 August that they ‘recognise the vital importance of data protection and the significance of cross-border data transfers to our citizens and economies’.
The US Department of Commerce has said that it will continue to administer the Privacy Shield program, including processing submissions for self-certification and re-certification to the Privacy Shield Frameworks and maintaining the Privacy Shield List. It has issued FAQs on its website about the future of the programme.
The EU DPAs are not granting any moratorium for the enforcement of the CJEU decision, but there are already differing views what the decision means in practice. The DPAs are expected to issue guidance through the European Data Protection Board.
See:
- Joint Press Statement from European Commissioner for Justice Didier Reynders and U.S. Secretary of Commerce Wilbur Ross
- EDPB - Frequently Asked Questions on the judgment of the Court of Justice of the European Union in Case C-311/18 - Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems
- Privacy Shield Framework FAQs – EU-U.S. Privacy Shield Program Update