This was a busy week for those following developments in privacy and cross-border data flows! The European Commission released its highly anticipated draft adequacy decision on the EU-US Data Privacy Framework. The European Commission stated, “that the United States ensures an adequate level of protection for personal data transferred from the EU to US companies.” Although the European Commission found that the framework was adequate, this is not the final step in the process. For more information about what happens next with the draft adequacy decision, please read Beyond Schrems II: What Happens After EU and US Officials Conclude Negotiations for Privacy Shield 2.0.
Once the final adequacy decision is adopted, the EU-US Data Privacy Framework will likely face a legal challenge. The Privacy Across Borders team outlined the possible routes an opponent to the new framework might take in Challenging the New Privacy Shield Framework: All Paths Lead to the CJEU.
On the same day, the Office of the Director of National Intelligence published its implementation procedures for the complaints process under the EU-S Data Privacy Framework. Please read our analysis of the directive here.
The following day, the OECD released its declaration on government access to personal data held by private sector entities. Looking to find commonalities among OECD member countries, the declaration “seeks to improve trust in cross-border data flows – which are central to the digital transformation of the global economy – by clarifying how national security and law enforcement agencies can access personal data under existing legal frameworks.” PAB Senior Director Alex Joel served as a consultant to the OECD for this important effort.
Our team will continue to analyze important developments in national security, privacy, and cross-border data flows. Follow us on Twitter to stay updated with our latest content!