EU-US data privacy framework nudges forward
On 3 July, the US Secretary of Commerce Gina Raimondo issued a statement saying that the US has now fulfilled its commitments for implementing the EU-US Data Privacy Framework.
Speaking at the Privacy Laws & Business international conference on Monday on the forthcoming EU-US Data Privacy Framework, Hannah Mayer, Senior Counsel, Office of Privacy and Civil Liberties, Department of Justice, US, described the work that has been done to prepare for the draft framework which the parties are expected to adopt later this summer. This includes implementing the Executive Order by, for example, creating enhanced privacy safeguards to all regardless of nationality or residence. The EU countries, as well as Norway, Liechtenstein and Iceland (EEA countries) have been designated as ‘qualifying states’ for the purposes of the US redress mechanism. Mayer stressed that the redress mechanism will be independent, and that the Privacy and Civil Liberties Oversight Board (PCLOB) has agreed to annual reviews.
Bertrand du Marais, Commissioner for International Affairs, CNIL, France’s Data Protection Authority, said in the same session that he is reasonably optimistic that the framework will be approved soon. He had reservations on some issues though, including the lack of clear data retention rules, and the fact that the definition of ‘risk to national interest’ is a concept that changes due to circumstances. The European Data Protection Board has previously issued its comments on the framework pointing out several issues that still needed to be looked at.