U.S., EU, Working on New Privacy Shield

Promise stronger data privacy protections

The Trump Administration has started to huddle with the European Commission to talk about enhancing the EU-U.S. Privacy Shield after the EU’s Court of Justice ruled that the U.S. can’t live up to its part of the bargain, promising to strengthen privacy protections. 

Concluding that it does not sufficiently protect data transferred from the EU to the U.S., the Court of Justice last month invalidated the “privacy shield.” 

“The U.S. Department of Commerce and the European Commission have initiated discussions to evaluate the potential for an enhanced EU-U.S. Privacy Shield framework to comply with the July 16 judgment of the Court of Justice of the European Union in the Schrems II case,” said Commerce Secretary Wilbur Ross and EU commissioner for Justice Dider Reynders in a joint statement Monday (Aug. 10). “This judgment declared that this framework is no longer a valid mechanism to transfer personal data from the European Union to the United States. 

Related: FTC Cracks Down on Alleged Privacy Shield Pretenders 

“The European Union and the United States recognize the vital importance of data protection and the significance of cross-border data transfers to our citizens and economies. We share a commitment to privacy and the rule of law, and to further deepening our economic relationship, and have collaborated on these matters for several decades.”   

“As we face new challenges together, including the recovery of the global economy after the COVID-19 pandemic, our partnership will strengthen data protection and promote greater prosperity for our nearly 800 million citizens on both sides of the Atlantic.” 

The shield was a way for U.S. companies to be considered in compliance with the EU’s General Data Protection Regulation simply by signing on to the shield’s data protection guarantees, rather than having to come up with individual policies and agreements to comply with the GDPR protections of cross-border data flows.  

In invalidating the shield the court said data protections in U.S. laws “are not circumscribed in a way that satisfies requirements that are essentially equivalent to those required under EU law.”  

Now Commerce and the EU will have to find a way to get the U.S. data protections on the same page as the EU. 

Related: FCC, FTC Chairs Defend Privacy Rules Rollback

The FCC under former chairman Tom Wheeler approved tough U.S. data privacy rules, but they were invalidated by Republicans in Congress despite pushback by privacy groups and Democrats who have called for a consumer privacy “bill of rights.”