At the end of March this year, a preliminary agreement concerning a future legal framework for data transfer between the European Commission and the U.S. was announced in a joint statement by Joe Biden, President of the United States, and Ursula von der Leyen, President of the EC. Without providing too many details, Biden pointed out that the new agreement will offer improvements over the old framework – the Privacy Shield –, while van der Leyen confirmed that the former intends to balance personal data security, privacy and protection.
The White House also issued a fact sheet on how the new framework will deal with important questions previously raised by the Court of Justice of the European Union. In force until 2020, the Privacy Shield was rejected by the Court because it did not adequately protect European Union countries’ citizens’ data in the hands of American companies. This hindered the transatlantic flow of data that is crucial to the trillion-dollar economy between the U.S. and the European bloc.
This time, to strengthen the privacy and civil liberties safeguards of European citizens’ data, the U.S. ensures that:
- Signals intelligence collection may be undertaken only where necessary to advance legitimate national security objectives, and must not disproportionately impact the protection of individual privacy and civil liberties;
- Signals intelligence collection may be undertaken only where necessary to advance legitimate national security objectives, and must not disproportionately impact the protection of individual privacy and civil liberties;
- U.S. intelligence agencies will comply with the “new standard” of civil liberties and privacy.
The preliminary agreement seems to show that there is an alignment between Washington and Brussels to end the legal uncertainty that has prevailed since the decision that judged the terms of the Privacy Shield to be inadequate – and a draft of a new framework is expected to have been released by the end of April this year. We must monitor this progress – since Brazil’s General Data Protection Law’s (Lei Geral de Proteção de Dados/LGPD) provisions are very similar to European ones regarding the international flow of personal data, and similar solutions may be negotiated under tutelage of our National Data Protection Authority (Autoridade Nacional de Proteção de Dados) in the future.
Sources:
https://noyb.eu/en/privacy-shield-20-first-reaction-max-schrems;
https://www.politico.eu/article/privacy-shield-data-deal-joe-biden-ursula-von-der-leyen/; https://www.uschamber.com/technology/data-privacy/transatlantic-dataflows;
https://www.migalhas.com.br/depeso/331982/schrems-ii-e-lgpd-reflexoes-acerca-dos-impactos-da-decisao-da-cjeu-no-cenario-brasileiro; https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/25/fact-sheet-united-states-and-european-commission-announce-trans-atlantic-data-privacy-framework/.