In Offering Reassurances on Data Transfer Pact, EU Signals Increased Risks for US Companies
Tuesday, November 17, 2015
In Offering Reassurances on Data Transfer Pact, EU Signals Increased Risks for US Companies
Print Mail Download i

Speaking at the Brookings Institute on Monday, EU Commissioner of Justice, Vera Jourova, sought to reassure the public that the US and EU would reach agreement on a new transatlantic data transfer pact – sometimes referred to as Safe Harbor 2.0 – in time for the end of January deadline set by EU DPAs.  In making her remarks, however, Commissioner Jourova provided US companies with subtle signals of what they can expect from privacy and data security regulators in 2016 and beyond.  

While praising the progress already made in negotiations, Commissioner Jourova highlighted the agreement by US officials to provide stronger oversight by the Department of Commerce, and more concerted efforts between EU DPAs and the FTC, which has authority to enforce the EU-US data transfer agreement.  “This will transform the system from a purely self-regulating one,” Jourova said, highlighting longstanding EU complaints about self-certification in the now invalidated Safe Harbor framework, “to an oversight system that is more responsive as well as proactive.”  

Unlike the invalidated Safe Harbor agreement, which stood without significant change for fifteen years, the new framework would include an annual joint review mechanism by which the US and EU will update and address concerns related to the functioning of the new framework, and address exemptions for law enforcement or upon national security grounds.  In other words, US companies should expect more fluid regulations, and compliance programs will have to account for the evolving nature of the data transfer framework.  

Commissioner Jourova similarly praised the USA Freedom Act, which will restrict broad NSA PRISM-type collection of personal data, as well as the Judicial Redress Act, which is currently in the Senate.  If enacted, the Judicial Redress Act would provide foreign citizens the right to bring law suits in the US for alleged privacy violations.  US companies should brace for increased oversight and regulatory enforcement, and should be using the current reprieve to implement and update privacy and data security compliance programs.  

© Polsinelli PC, Polsinelli LLP in California

Current Legal Analysis

More from Polsinelli PC

FTC Final Rule Banning Most Non-Competes Passes – What Nonprofits Need to Know
by: Jacob Zerkle , Michael Kuczynski
The 80/20 Rule is Here: CMS Finalizes HCBS Care Worker Payment Requirements
by: Ross E. Sallade , Angelo Spinola
Blockchain+ Bi-Weekly: Week of April 25, 2024
by: Jonathan E. Schmalfeld , Stephen A. Rutenberg
FTC Final Rule Banning Most Non-Competes Passes – What You Need to Know
by: Eric E. Packel , Emma R. Schuering
Finally Final — The DOL Issues Its Long-Expected Final Rule Raising the FLSA Overtime Exemption Salary Thresholds
by: Jason N. W. Plowman , Matthew P.F. Linnabary
"Please Pay No Attention to the Microphone:” DOJ Announces New Program Offering Protections to Criminal Whistleblowers
by: Kurt R. Erskine , Nicole K. Nielly
HRSA Aims for Swift Dispute Resolution with new 340B ADR Final Rule
by: Mary H. Canavan , Kyle A. Vasquez
Critical Infrastructure Cybersecurity – Evolving Incident Response Obligations, Integral to Effective Risk Management
by: Romaine C. Marshall , Kurt R. Erskine
Vote Scheduled for FTC Final Rule Banning Non-Competes – What You Need to Know
by: Eric E. Packel , Sean R. Gallagher
FDA Preemption of State Law for False Labeling Survives Appeal to Supreme Court
by: Gina L. Tincher , Stacy A. Carpenter

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins