July 4, 2022

Volume XII, Number 185

Advertisement
Advertisement

EDPB Adopts Statement on the Announcement of an Enhanced EU-U.S. Privacy Shield

On April 7, 2022, the European Data Protection Board (the “EDPB”) released a statement on the announcement of a new Trans-Atlantic Data Privacy Framework (the “Statement”).

A new framework for transfers of personal data between the EU and the U.S. has been needed since the previous EU-U.S. Privacy Shield framework was annulled by the Court of Justice of the European Union (“CJEU”) in the Schrems II judgment in July 2020. Discussions on a potential enhanced EU-U.S. Privacy Shield framework had recently intensified.

In the Statement, the EDPB welcomes the announcement of a political agreement in principle between the European Commission and the U.S. and indicates that it sees U.S. authorities’ commitment to implement measures to protect EU individuals’ privacy and personal data as a positive first step in the right direction. The EDPB reminds, however, that the joint announcement of the European Commission and the U.S. does not yet constitute a legal framework that can be relied on to legitimize transfers between the EU and the U.S. For the time being, companies must continue taking the necessary measures to comply with the transfer requirements of the EU General Data Protection Regulation and the Schrems II judgment.

Once available, the EDPB will examine the European Commission’s draft adequacy decision for the U.S. in light of EU law, CJEU case law and its prior recommendations on this topic. In particular, the EDPB will verify how U.S. authorities’ suggested reforms ensure that the collection of personal data for national security purposes is limited to what is strictly necessary and proportionate, and that an independent redress mechanism is made available to provide EU individuals with an effective remedy and fair trial.

Read the EDPB Statement and the Press Release.

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume XII, Number 97
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct
Advertisement
Advertisement
Advertisement