Businesses transferring data across the Atlantic will breathe a sigh of relief this month as the new EU-US Data Privacy Framework comes into effect.

Two previous legal frameworks on EU-US data sharing were struck down in European courts over data privacy concerns. The new deal promises to ensure safe data flow, but not everyone is pleased, and privacy activists are ready to challenge it in court once again.

A new era for transatlantic data sharing?

In July 2023, the EU and the US reached a deal to let data flow across the Atlantic, ending years of legal uncertainty for thousands of companies over the transfer of personal information between Europe and the US. Brussels formally recognized the US as a country with sufficient protection for Europeans’ personal data and adopted a so-called adequacy decision under GDPR.

A new Data Protection Review Court in the US will allow European residents to bring claims against US agencies if they believe their data was not gathered in a “necessary” and “proportionate” way. The framework also pledges that only “necessary and proportionate” data will be collected.

The new data privacy deal will likely be challenged again in court very soon

However, the agreement could be challenged in court yet again, after the EU’s top court struck down the previous data agreement, known as the Privacy Shield, in 2020. The non-profit group NOYB (None of Your Business), led by privacy activist Max Schrems, claims that the deal brings little change and it is largely a copy of the failed Privacy Shield, which was invalidated by the European Court of Justice for failing to limit access to data by US authorities in ways that were “equivalent” to EU laws such as Europe’s GDPR.

Mr. Schrems’ argument is that there needs to be a change in US surveillance law to make a new deal work and that this is lacking at the moment. The privacy activist, who filed the lawsuits that led to the downing of the two previous data pacts, said he would likely challenge the new deal in court by the end of August 2023. He expects his complaint to come to the European Court of Justice in early 2024.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Verdict.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Data privacy campaigners’ concerns result from the Edward Snowden revelations that European users’ data is not sufficiently protected from US intelligence agencies when it is transferred across the Atlantic. In May, Meta was fined a record€1.2bn ($1.3bn) by Ireland’s Data Protection Commission (DPC), as the result of a legal challenge brought by Mr. Schrems, and ordered to suspend the transfer of data from the EU to the US.

The lack of a US data privacy law has added to the costs for businesses

President Biden included stronger data collection guarantees in the executive order that paved the way for the new agreement. But US privacy laws are still lax compared to the EU, and the fact that there is no comprehensive data privacy legislation at the federal level does not help. Data privacy regulation in the US is highly fragmented, with different and coexisting data privacy regimes leaving businesses facing distinct compliance requirements.

The most prominent regulation, the American Data Privacy and Protection Act (ADPPA), has been tabled and is now receiving attention from most of the privacy world. However, it looks less likely that the ADPPA will pass a divided Congress anytime soon, leaving a vacuum at the federal level.