On Friday 25 March 2022 the United States and the European Commission announced a Trans-Atlantic Data Privacy Framework ('Framework'). Although not set in stone yet, the announcement does offer comfort that a new Framework will come into play soon, offering a replacement for the EU-US Privacy Shield.
The old EU-US Privacy Shield was invalidated by the Court of Justice of the European Union almost two years ago (July 2020). Companies transferring personal data to the US that were signed up to the void Privacy Shield had to find alternative safeguards for the transfer of personal data, namely putting into place standard contractual clauses ('SCCs') with their counterparts.
It would be excellent for businesses to enjoy the benefits of the new Framework, as we have seen how arduous it has been for businesses having to re-paper contracts and build in SCCs for transfers to the US as a result of the EU-US Shield becoming invalid. They have also had the extra onerous task of ensuring transfer impact assessments ('TIAs') are carried out for transfers to the US, which has not been easy for businesses, particularly in terms of time and resources.
European Commission President Ursula von der Leyen states that the new agreement will 'enable predictable and trustworthy data flows between the EU and US, [and more importantly continue] safeguarding privacy and civil liberties.'
As with the previous Privacy Shield, it is envisaged that companies will need to 'sign up' to the proposed Framework to take advantage of its benefits and will be required to adhere to Privacy Shield Principles, which will include the requirement to self-certify adherence to the Principles through the U.S. Department of Commerce.