Skip to content

Further details revealed about the upcoming EU-US Trans-Atlantic Data Privacy Framework fact sheets

Author
Image of Nicole Wolters Ruckert
Nicole Wolters Ruckert

Counsel

Amsterdam

View profile →

Finlayson-Brown Jane
Jane Finlayson-Brown

Partner

London

View profile →

05 April 2022

On 25 March 2022, the European Commissioner for Justice Didier Reynders and the US Secretary of Commerce Gina Raimondo issued a joint statement notifying to the effect that the US Government and the European Commission had decided to "intensify negotiations on an enhanced EU-US Privacy Shield framework'', to replace the EU-US Privacy Shield framework which was invalidated by the Court of Justice of the European Union (CJEU) by the decision in Schrems II case nearly two years ago.

The joint statements also confirmed that an ''agreement in principle'' was reached on a new framework for international data flows. The new framework aims to reinstate predictable and trustworthy data flows between the EU and the US, balancing security, the right to privacy and data protection. Since our publication, further details about the upcoming framework have emerged, and are set out below.

Both the European Commission and the US Government have issued detailed fact sheets on what has been named the ''Trans-Atlantic Data Privacy Framework''. 

The European Commission’s factsheet clarifies the key principles of the new framework:

  • free flow of data between the EU and participating US entities;
  • new set of binding safeguards to limit access to data by US intelligence authorities, based on necessity and proportionality in national security interests only;
  • new redress system to investigate and resolve complaints of EU individuals;
  • strong obligations on participating US companies; and
  • expanded monitoring and review mechanisms.
The White House clarified these principles in more details, confirming that the US has made commitments to: 
  • strengthen the privacy and civil liberties safeguards governing US surveillance. By way of example as to how this is expected to be achieved - signals intelligence collection will be limited to situations where it is necessary “to advance legitimate national security objectives”, with a requirement that collection must not disproportionately impact the protection of individual privacy and civil liberties;
  • establish a new two-layer redress mechanism for EU individuals with independent and binding authority. This will include an independent Data Protection Review Court, which will have full authority to adjudicate claims and direct remedial measures. EU individuals will continue to have access to other recourse options for complaint resolution (including alternative dispute resolution and binding arbitration); and
  • enhance the existing oversight of surveillance activities, through adoption of new procedures by US intelligence agencies aimed at protecting privacy and civil liberties.

The US Government also confirmed that organisations participating in the new framework will be required to adhere to the EU-US Privacy Shield Principles (including a requirement to self-certification through the US Department of Commerce).

These commitments of the US Government will be included in an Executive Order that will form the basis of the European Commission’s assessment in its future adequacy decision.

Negotiations will continue to achieve the creation of legally binding documents. EU officials involved in the negotiations are quoted to state that the framework is expected to be finalised before the end of 2022.

Read the US Government's press release 'United States and European Commission Joint Statement on Trans-Atlantic Data Privacy Framework' and their factsheet. Read the European Commission's press release 'European Commission and United States Joint Statement on Trans-Atlantic Data Privacy Framework' and factsheet

Related blog topics

Related expertise