New avenues for international transfers
The political announcement of a new Trans-Atlantic Data Privacy Framework for data transfers by President of the European Commission, Ursula von der Leyen and US President Joe Biden, took place in March, but we do not expect to have a deal in place until the very end of this year or the beginning of 2023. The very fact that the US is expected to put in place an Executive Order this summer on limiting data gathering for national security purposes, as well as on redress, gives confidence that companies in the future will want to rely on this route for their transfers. The Executive Order will form the basis of a draft adequacy decision by the European Commission which will then have to be approved in the usual way by the European institutions. As MEPs from the European Parliament LIBE Committee were visiting Washington in May, there are some signs of progress.
Other options for international transfers of course exist too – the EU has just issued FAQs on its revised Standard Contractual Clauses, and Hong Kong has issued its model clauses for best practice. We have also seen plans to revive the APEC Cross Border Privacy Rules. Significant, but not publicised, was UK participation at the Global Cross-Border Privacy Rules CBPRs meeting in Hawaii where stakeholders discussed how the framework could be modified. In the meantime, the UK is working on its own adequacy decisions, including one for the US.
In the field of EU e-Privacy, a final push is needed to get the Regulation finally over the line. Read my interview with FEDMA on this topic.
When in Brussels, I also had the pleasure to interview Wojciech Wiewiórowski, on the EDPS’s active role and participation at the DPAs’ European Data Protection Board. Our Asia-Pacific Editor, Graham Greenleaf, analyses Sri Lanka’s new law which is the first comprehensive data privacy law in South Asia. To add to this stellar group of data protection experts, Steve Wood, the OECD privacy working group’s first chair, and until recently UK ICO Deputy Commissioner, writes about the OECD’s work.
We look forward to meeting you at Winds of Change, PL&B’s 35th Anniversary Conference 4-6th July back again at St. John’s College, Cambridge.
Editor, Privacy Laws & Business