This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Insights Insights
| 1 minute read

Potential Stumbling Blocks for EU-US Data Privacy Framework

US companies with business in the EU have been frustrated for years by the lack of an easy-to-implement way to export personal data to the US. Negotiators for the US and the EU have been working to fill the gap since the prior negotiated framework was invalidated by the EU's highest court in a series of decisions. Last fall, the US announced a new Data Privacy Framework (DPF) as the proposed solution. The DPF is currently being reviewed by several stakeholders in the EU to determine whether it would afford EU residents adequate protection for their data in the US. In mid-February, the EU Parliament said "no."  Parliament's view is non-binding, but likely to carry at least some weight.

Why It Matters

Many US businesses currently fall back on the imperfect (and possibly also not "adequate") Standard Contractual Clauses if they want to make EU personal data available in the US. The SCCs are unwieldy and intimidating. To small businesses especially, they often feel like overkill.  

The lack of an easy solution affects everything from professional contact information to HR data to advertising and analytics data (and more).  Without an easily workable set of rules for the export of this data, US companies and their EU business partners are likely to have to keep either finding ways to avoid data export, thus chilling their business efforts (or increasing their costs), or lumbering under the weight of the SCCs.  

In their opinion, committee members concluded the proposed DPF "fails to create actual equivalence in the level of protection" offered under the EU General Data Protection Regulation and urged the European Commission to only adopt a decision when "meaningful reforms were introduced, in particular for national security and intelligence purposes" on the part of the U.S. The urging comes after the LIBE committee hosted European Commissioner for Justice Didier Reynders Jan. 31 for questioning related to the proposed DPF and potential adequacy.

Tags

data security and privacy, hill_mitzi, insights