"U.S., E.U. announce Trans-Atlantic data privacy framework: What companies can do now" by Elizabeth E. McGinn, Sasha Leonhardt, and Lauren Bomberger (CSLR)
Cybersecurity Law ReportElizabeth E. McGinn, Sasha Leonhardt, Lauren Bomberger
The White House and European Commission in late March 2022 announced a new agreement in principle for trans-Atlantic data flows – the Trans-Atlantic Data Privacy Framework – that would replace the E.U.- U.S. Privacy Shield.
The United States and European Union began negotiations on a new framework in 2020 after the Court of Justice of the European Union (CJEU) concluded that the U.S.-E.U. Privacy Shield was inadequate.
The new framework is the third attempt in the last 20 years to address data transfers between the U.S. and E.U. and is likely to face continued criticisms and legal challenges. While the exact language has not yet been released, the parties’ statements to date point to some key conclusions that can help companies prepare for the final framework – and suggest areas to watch for further clarification.
Originally published in CSLR; reprinted with permission.