• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar

Alston & Bird Privacy, Cyber & Data Strategy Blog

  • Home
  • Services
  • Events
  • Contacts

EU and U.S. Reach Agreement In Principle on a Replacement for the EU-U.S. Privacy Shield

March 25, 2022 By Paul Greaves and Wim Nauwelaerts

On March 25, 2022, the European Commission and the United States announced that they have reached an “agreement in principle” on a replacement for the EU-U.S. Privacy Shield, which was invalidated by the Court of Justice of the European Union in 2020.

The new framework will be designed to allow personal data to flow freely between the EU and participating U.S. companies, and will likely be seen as the main alternative to the “Standard Contractual Clauses” released by the European Commission last year.

Key elements of the new framework include:

  • Obligations for companies processing data transferred from the EU to the U.S., which will include the requirement to self-certify their adherence to certain GDPR-like data protection principles, through the U.S. Department of Commerce;
  • A new two-tier redress system to investigate and resolve complaints of individuals in the EU regarding access of their data by U.S. Intelligence authorities, which includes a to-be-established Data Protection Review Court;
  • Specific monitoring and review mechanisms; and
  • A new set of rules and binding safeguards to limit access to data by U.S. Intelligence authorities.

In terms of next steps, the agreement in principle will now need to be translated into legal documents i.e., an Executive Order on the U.S. side, and an adequacy decision from the European Commisison on the EU side.

The new framework is based in part on proposals from a group of privacy experts which includes Peter Swire, Senior Counsel at Alston & Bird.

Filed Under: Data Protection, Enforcement, GDPR, International, Regulation Tagged With: Cross-border, EU Data Protection, EU Privacy, EU Regulation, European Union (EU), International Data Transfers

About Paul Greaves

Paul Greaves is a senior associate in the Brussels office and a member of Alston & Bird’sPrivacy, Cyber & Data Strategy Team. Paul’s privacy, information technology, and data protection practice includes a focus on compliance with the General Data Protection Regulation, ePrivacy rules, and cross-border data transfers.

[Read Bio]

About Wim Nauwelaerts

Wim Nauwelaerts is a partner in the Brussels office, leading Alston & Bird’s European Privacy, Cyber & Data Strategy Team. Wim has over 20 years of experience working with global companies on their data protection, privacy, and cybersecurity needs, including General Data Protection Regulation (GDPR) readiness, data transfer, data security and breach requirements, and compliance training.

[Read Bio]

Primary Sidebar

This blog is a service of Alston & Bird’s Privacy, Cyber & Data Strategy team and focuses on key data privacy and data security issues.


Receive email notifications when new posts are added.

Receive email notifications when new posts are added.


THE DIGITAL DOWNLOAD
Click here to see the editions

PRIVACY & CYBER EVENTS
Click here to see upcoming and past events

PRIVACY & CYBER MAILINGS
Click here to sign up

@ALSTONPRIVACY
Click here to follow us on Twitter

Secondary Sidebar

Categories

Recent Posts

  • DOJ Issues New Policy on CFAA Prosecutions
  • EDPB Issues Draft Guidelines on the Calculation of Administrative Fines
  • The California Privacy Protection Agency Solicits Public Input on Forthcoming Privacy Regulations
  • U.S. Department of Commerce Announces the Establishment of a Global CBPR Forum
  • Colorado Issues Pre-Rulemaking Considerations for the Colorado Privacy Act
Copyright © 2022 · Alston & Bird · All Rights Reserved. Privacy.