Today marks the first anniversary of the CJEU’s “Schrems II” ruling which invalidated the European Commission’s Privacy Shield adequacy decision concerning the transfer of data to the US.
Despite an urgent need to reach a deal on transatlantic data flows for economic and geopolitical reasons, few if any concrete results have been seen to date. As stressed earlier this year by European Commissioner Didier Reynders and Věra Jourová, Vice President of the European Commission for Values and Transparency, in order for such a deal to become a reality, the United States must take concrete action to limit the access to EU citizens’ data on the part of foreign national security agencies. Indeed, it’s unlikely that the EU will accept a new deal from the US executive without real changes. This is especially true given the probability of another negative court ruling – something which is understandable considering the fate of Safe Harbor and Privacy Shield and the willingness of EU-based groups to take action to ensure that EU citizen’s data protection rights are respected.
While both slides of the Atlantic recognize the vitality of such an agreement and its implications for future economic cooperation and growth (to this end, I warmly welcome the EU-US Trade and Technology Council), swift action is needed to provide more legal certainty for EU businesses whose activities depend on the international transfer of data!