The (Un)certain Future of Transatlantic Data Flows
The EU-US economic relationship is the largest bilateral trade relationship in the world, with trade flows valued at over $1 trillion per year. Personal data transfers constitute an essential element of the transatlantic relationship. The legal invalidation of the so-called Safe Harbour arrangement, which provided a framework for transatlantic data transfers, caused major turmoil in recent months and put a strain on the EU-US relationship.
In the absence of the Safe Harbour, companies transferring data from the European Union to the United States face legal uncertainty and possible enforcement and compliance actions throughout EU Member States. Following the judgment which struck down the Safe Harbour, EU national data protection authorities agreed to assess the alternative data transfers tools (Binding Corporate Rules and Standard Contractual Clauses) and potentially take all necessary actions, including coordinated enforcement, should the EU and US fail to arrive at a new transatlantic data transfers framework.
On 2 February 2016, the European Commission announced that a deal with the United States on a new framework for transatlantic data transfers had been reached. The EU-US Privacy Shield arrangement aims to address loopholes identified in the Safe Harbour judgment, thus providing guarantees that EU citizens’ data continue to be protected once transferred to the United States.
Welcomed by industry but others, including privacy campaigners and several Members of the European Parliament questioned the solidity of the new deal, hinting that should the Privacy Shield be brought in front of the Court of Justice of the European Union, it could get struck down in the same manner as its predecessor.
In this snapshot, FTI Consulting provides an analysis of the different steps that led to the establishment of the EU-US Privacy Shield and an overview of the latest developments which will impact on companies transferring data across the Atlantic going forward.