As the one-year anniversary of the Court of Justice of the European Union's "Schrems II" decision approaches, the privacy industry has seen a wave of developments on international data transfers.
The European Commission issued its recommendations on supplementary measures for data transfers and the commission
While data transfer news has been coming in fast this June, an important element of the "Schrems II" ruling still needs to be addressed: a replacement to the EU-U.S. Privacy Shield agreement.
During an IAPP LinkedIn Live event, U.S. Department of Commerce Deputy Assistant Secretary for Services Christopher Hoff, CIPP/E, CIPP/US, CIPM, offered a window into the progress on the Privacy Shield talks, assuring privacy professionals the negotiations between the European Union and U.S. are not stuck at the starting line.
"I definitely would assuage anyone’s fears that we are at the beginning of this negotiation. We are not at the beginning of this negotiation," said Hoff. "A good diplomatic friend mentioned to me allies get into these conversations where there’s often 95% agreement and 5% disagreement. Without saying that that’s where we are, it feels like that is essentially where we are. I am confident that we will figure out the remaining percent, whatever percent that it is. We are absolutely not at the beginning at these conversations and we will figure out the rest."
The summit between the EU and U.S. recently
He added the European Commission has been patient throughout the proceedings, as it has now had to work with two different presidential administrations on Privacy Shield 2.0. Hoff said other federal entities beyond the Department of Commerce and the White House have been working to make a new data transfer agreement a reality, as observers on both sides of the Atlantic expect a deal to eventually be made.
Hoff also discussed the other notable data transfer developments before and after the EU-U.S. summit. Hoff said the Department of Commerce and other federal agencies are in the process of assessing the EDPB recommendations and the new SCCs at a high level, and offered his thoughts on these documents from the view of a privacy professional.
"I see some difficulties and some big holes in the use cases that are quite common, and there are not any good answers for those, but at the same time, we are happy to see the maintenance of a risk-based approach that the commission put into the standard contractual clauses," said Hoff. "We are glad to see some of that in the EDPB recommendations."
The "Schrems II" ruling turned the privacy world on its head last summer, and privacy professionals patiently waited for guidance and new mechanisms to facilitate very valuable data transfers.
Now, those materials and tools are materializing, allowing those who handle data transfers to breathe a little easier for a litany of reasons.
"I found the EDPB recommendations very helpful and illuminating. It represents a consensus among the supervisory authorities of the EU member states in interpreting what the ‘Schrems II’ decision requires," said American University Washington College of Law Scholar-in-Residence and Adjunct Professor Alexander Joel, CIPP/G, CIPP/US. "When supervisory authorities are taking enforcement in the interim, they are going to be looking at these recommendations that this guidance document has established an interpretive opinion of what ‘Schrems II’ sets forth. From that perspective, it’s very helpful."
But will all of these developments impact Privacy Shield negotiations?
Hoff said the new SCCs and the EDPB recommendations will not directly influence talks around a Privacy Shield replacement, but rather highlight the need for a government solution to address these issues.
But don't expect quickness to be the name of the game. The primary focus for both the EU and the U.S. will be to craft a strong data transfer agreement that avoids the fate that fell upon Privacy Shield and Safe Harbor before it.
Photo by CHUTTERSNAP on Unsplash
