There is a "new way forward" for post-Brexit arrangements and relations. Fitting, perhaps, that this week’s "View from Brussels" comes, in fact, from London — just a few miles, or kilometers, away from where the Windsor Framework was inked by the U.K. Prime Minister and the President of the European Commission. Readers may be reassured to know the transfer of authorship of this weekly column is both temporary and beyond the scope of the Windsor Framework. Normal service from Isabelle returns next week.
There is no doubt the European Data Protection Board is the engine room of data protection in Brussels. Still hot from last week’s activity, the EDPB engine purred again this week. Its 54-page next stages in the procedure. The EDPB’s concerns, requests for clarification and requests for close monitoring of the arrangement reflect the sensitive, novel and “significant” reforms currently being implemented by the U.S. government that seek to address various issues identified by the Court of Justice of the European Union in "
Next up in the procedure is further draft adequacy decision for the U.K., which was then adopted a month later. Member states representatives will then assemble to vote on the draft, with at least 15 out of the 27 needing to approve the draft before it is formally adopted by the College of Commissioners.
As the adequacy procedure marches on, many will be watching a parallel track of potentially consequential importance to the transatlantic data transfers equation. That other track involves a dispute about Facebook’s use of standard contractual clauses to transfer EU data to the U.S. The dispute is currently with the EDPB, which is preparing a binding decision on the matter. The decision, due mid-April, will bind Ireland's Data Protection Commission to issue its own decision to the parties by mid-May. I unpacked how such decisions are reached by the EDPB in my most recent The Jurisdiction of the New Data Protection Review Court by Paul Rosenzweig.
Beyond the world of transfers, but sticking with the continent of Europe, I’m looking at:
- The text on the Cyber Resilience Act.
- How EU policymakers have adtech in their Data Protection Intensive: UK 2023, which is packed with incredible speakers and content, and coincides with the release of the UK General Data Protection Regulation reform proposals.
Yours, transferring out.