Skip to main content

U.S., EU, Working on New Privacy Shield

The Trump Administration has started to huddle with the European Commission to talk about enhancing the EU-U.S. Privacy Shield after the EU's Court of Justice ruled that the U.S. can't live up to its part of the bargain, promising to strengthen privacy protections. 

Concluding that it does not sufficiently protect data transferred from the EU to the U.S., the Court of Justice last month invalidated the "privacy shield." 

"The U.S. Department of Commerce and the European Commission have initiated discussions to evaluate the potential for an enhanced EU-U.S. Privacy Shield framework to comply with the July 16 judgment of the Court of Justice of the European Union in the Schrems II case," said Commerce Secretary Wilbur Ross and EU commissioner for Justice Dider Reynders in a joint statement Monday (Aug. 10). "This judgment declared that this framework is no longer a valid mechanism to transfer personal data from the European Union to the United States. 

Related: FTC Cracks Down on Alleged Privacy Shield Pretenders 

"The European Union and the United States recognize the vital importance of data protection and the significance of cross-border data transfers to our citizens and economies. We share a commitment to privacy and the rule of law, and to further deepening our economic relationship, and have collaborated on these matters for several decades."   

"As we face new challenges together, including the recovery of the global economy after the COVID-19 pandemic, our partnership will strengthen data protection and promote greater prosperity for our nearly 800 million citizens on both sides of the Atlantic." 

The shield was a way for U.S. companies to be considered in compliance with the EU's General Data Protection Regulation simply by signing on to the shield's data protection guarantees, rather than having to come up with individual policies and agreements to comply with the GDPR protections of cross-border data flows.  

In invalidating the shield the court said data protections in U.S. laws "are not circumscribed in a way that satisfies requirements that are essentially equivalent to those required under EU law."  

Now Commerce and the EU will have to find a way to get the U.S. data protections on the same page as the EU. 

Related: FCC, FTC Chairs Defend Privacy Rules Rollback

The FCC under former chairman Tom Wheeler approved tough U.S. data privacy rules, but they were invalidated by Republicans in Congress despite pushback by privacy groups and Democrats who have called for a consumer privacy "bill of rights."

“Cross-border data flows are pivotal to the $1.3 trillion trading relationship between the U.S. and EU and are relied upon by the more than 5,300 Privacy Shield-certified businesses," said Jason Oxman, president of tech association ITI. "We’re encouraged that the U.S. and EU have begun talks on a successor framework in the wake of the CJEU’s decision in the Schrems II case, and the tech industry is committed to working with all stakeholders in the development of such framework to protect individuals’ personal data while supporting innovation and the free flow of data.”