*This article first appeared on Law360 on October 14, 2022
A series of coordinated announcements on Oct. 7 lifted the veil on a new trans-Atlantic data transfer mechanism.
This announcement has been hotly anticipated since a joint declaration from the U.S. and European Union governments on March 25, that there was an agreement in principle for a new EU-U.S. Data Privacy Framework.
The key document in the framework process is Executive Order No. 14086 on enhancing safeguards for U.S. signals intelligence activities, accompanied by a detailed fact sheet on the executive order.
The U.S. President and European Commission President announced in a joint press statement on March 25th, 2022 that an agreement “in principle” has been reached on a new Trans-Atlantic Data Privacy Framework (Privacy Shield Agreement 2.0). Once approved and implemented, the agreement would facilitate the transatlantic flow of personal data and provide an alternative data transfer mechanism (in addition to EU Standard Contractual Clauses and Binding Corporate Rules) for companies transferring personal data from the EU to the U.S. This is a welcome announcement for companies that have been dealing with the legal uncertainty of such data flows following the Schrems II decision in July 2020, which invalidated the EU-U.S. Privacy Shield 1.0 for international transfers of personal data.