US and EU reach political agreement on new trans-Atlantic data privacy framework
Lore Leitner, Jack McCarthy and Gabe Maldoff of Goodwin analyse the implications for business.
On 25 March 2022, US President Joseph Biden and European Commission (EC) President Ursula von der Leyen announced that the US and EC had reached an agreement in principle on a new “Trans-Atlantic Data Privacy” framework (the New Framework) to facilitate the exchange of personal data from the European Union (EU) to the US. With an agreement now reached at the political level, officials at the EC and US Department of Commerce (DOC) are working to translate the consensus into legal documents, which will be submitted for approval over the coming months.
Once effective, the New Framework will resolve – at least for a time – key uncertainties that have threatened to shut off the flow of EU data to the US. While businesses on both sides of the Atlantic will welcome the added certainty the New Framework will create for transfers to the US, global data transfers likely will remain contentious in the years ahead as the regulation of data flows in the digital age continues to take on geopolitical tones. Until the New Framework comes into force, Standard Contractual Clauses(1)(SCCs) accompanied by Transfer Impact Assessments (TIAs) remain as the only viable option for many businesses. But even after using them, businesses can expect that they will need to evaluate their data transfer strategy on a case-by-case basis.
International Report subscribers please login to access the full article
If you wish to subscribe, please see our subscription information.