March 20, 2023

Volume XIII, Number 79


March 17, 2023


U.S. and EU Agree in Principle on New Trans-Atlantic Data Privacy Framework

In a joint press conference, U.S. President Joe Biden and European Commission President Ursula von der Leyen announced an agreement “in principle” on a framework, called the Trans-Atlantic Data Privacy Framework (“Privacy Shield 2.0”), to replace the US-EU Privacy Shield. The EU General Data Protection Regulation (“GDPR”) places restrictions on personal data transfers to countries outside of the European Economic Area. Privacy Shield 2.0 is designed to replace the original Privacy Shield, which had made EU to US data transfers legal but was invalidated by the European Court of Justice in 2020 in the so-called Schrems II decision.

Privacy Shield 2.0 would potentially revive the Privacy Shield and allow EU to US data flows for compliant companies. Few details have emerged on the terms of the agreement or how different its terms would be from the original Privacy Shield (an overview of the compliance features of the original Privacy Shield can be found here).

The concern of EU Courts has been the extent of the US government’s surveillance of personal data. Many in Europe are wary of any mechanism that allows data transfers to the US because they believe that the transferred data simply will not be protected from the eyes of the US government. Some European commentators are skeptical of Privacy Shield 2.0, as few details have emerged about how U.S. government surveillance would change in order to have the regime survive scrutiny in EU courts and a possible Schrems III scenario. What is clear is that the success or failure of the forthcoming Privacy Shield 2.0 will have serious consequences for businesses of all sizes transferring personal data across the Atlantic.

While we wait to see the detail, businesses transferring personal data across the Atlantic should rely on adequacy safeguards under the GDPR such as the so-called “standard contractual clauses.” It will also be interesting to see how the UK responds in the post-Brexit era now that the UK can make its own adequacy decisions about countries outside of the UK.

© 2023 Proskauer Rose LLP. National Law Review, Volume XII, Number 87

About this Author

Ryan P. Blaney Healthcare and Cybersecurity Attorney Proskauer Washington DC

Ryan Blaney is a partner in Proskauer’s Health Care and Privacy & Cybersecurity Groups.

Ryan’s practice focuses on regulatory compliance, enforcement, litigation and transactions in the areas of data privacy, cybersecurity, health care, and emerging technologies. He advises private equity, asset managers, health care, life sciences, retail and technology clients on privacy and cybersecurity compliance, cybersecurity incidents and government investigations, including acting as lead counsel in defending clients in regulatory investigations by...

Special TMT & Data Protection Counsel

Vishnu Shankar is a special counsel in Proskauer’s Technology, Media & Telecommunications and Privacy & Cybersecurity Groups in the London office. He practices in two related areas, namely: data privacy and cybersecurity, and technology and intellectual property transactions.

Vishnu’s clients are in a variety of industries, including financial services and payments, asset management and private equity, life sciences and pharmaceuticals, IT, and transportation. Vishnu is recommended by The Legal 500 UK where clients note his “...


Vincent Tennant is an associate in the Privacy & Cybersecurity and Health Care Groups.

Vince’s practice focuses on data privacy and cybersecurity issues in the context of regulatory compliance, enforcement, litigation and transactions. He advises private equity, asset managers, health care, life sciences, retail and technology clients on privacy and cybersecurity compliance, cyber risk management in critical transactions and cybersecurity incident response.   

Vince counsels clients on federal, state, and...