Post-Schrems II, Experts Have Some Hope
The year since Privacy Shield was annulled had encouraging developments, speakers told a Wednesday Information Technology Industry Council webinar. Since the European Court of Justice's (ECJ) July 16 ruling to void the trans-Atlantic personal data transfer mechanism in Schrems II…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
(see Ref:2007160002]), the European Commission deemed negotiating a successor with the U.S. a top priority, said Bruno Gencarelli, head of unit-international data flows and protection, Directorate General-Justice. Talks intensified after President Joe Biden's trip to Brussels in June, and both sides agree a doable solution must be based on the ECJ ruling and there's no shortcut, he said. Principles being discussed include access to U.S. courts for European citizens and limits on excessive government access to personal data. One "surprising" recent development was increased demand for international data protection standards, Gencarelli said. The EC is working more closely with other regional blocs such as the Association of Southeast Asian Nations, talks that could create a "critical mass" of principles. The Organisation for Economic Co-operation and Development began a process to identify safeguards shared by OECD members for government access to personal data, he said. The post-Schrems II year has been "reactive" as everyone tried to come to grips with the ruling, said Centre for Information Policy Leadership President Bojana Bellamy. She urged both sides to "negotiate to yes" by focusing not on a 50-50 compromise but on understanding each other's concerns and adjusting positions accordingly. Positive engagement between stakeholders and regulators led to a better place but "we all know the enforcement is coming," said Caitlin Fennessy, International Association of Privacy Professionals research director. Some European data protection authorities question aspects of trans-Atlantic data flows, and businesses face uncertainty. One sticking point is redress for Europeans whose data is misused in the U.S. EU law requires such a right, but under U.S. law it's difficult for people outside the country to gain standing, said Alston & Bird's Peter Swire. A binding solution could come from a presidential executive statement ordering intelligence agencies take certain actions, he said. Gencarelli cautioned that for the EC, whether legislation or executive action is needed is secondary to complying with ECJ requirements. He said it's wrong to think OECD work will replace PS. ITI, the Computer & Communications Industry Association and other tech organizations urged Commerce Secretary Gina Raimondo and EU Justice Commissioner Didier Reynders to "swiftly ensure an agreement for secure transatlantic data flows."