Hello from Maine! 

We might be nearing the end of 2021, but there is still plenty of time for "firsts" before 2022 rears its head. It's even better when some of those firsts take place on the same day, as we saw this week with the first U.S. Senate hearing on consumer privacy and the inaugural meeting of the U.S.-EU Trade and Technology Council.

In case you missed the Senate hearing, my colleague Jennifer Bryant has the details below. Legislators discussed the need for a federal privacy law and strengthening resources for the Federal Trade Commission. In addition to calling for legislation with civil rights, former members of the FTC said the agency needed stronger enforcement authority and additional resources.

While the Senate hearing was underway, panelists at the Forum Global Data Privacy Conference also discussed federal privacy legislation, the role the FTC plays in enforcement, and the proposals outlined in the recently passed House budget legislation, which would increase FTC funding to $1 billion. Former FTC Bureau of Consumer Protection Director Jessica Rich didn't negate the need for a privacy bureau as discussed in the proposal, but pointed out that "with stronger authority, the FTC could hit the ground running while a new agency could take years to set up." She continued, "The FTC has the policy, enforcement and rulemaking experience and expertise, the relationship with states, the relationships with other countries and it has a track record of addressing a range of issues including discrimination through its existing laws." 

As if Wednesday wasn't busy enough, the U.S.-EU Trade and Technology Council kicked off its first meeting in Pittsburgh. The council created 10 working groups, one of which is the "Data Governance and Technology Platforms" group, which will "exchange information and views regarding current and future regulations in both the United States and European Union." The next meeting is slated for Oct. 27.

That might lead you to think Privacy Shield discussions will be a key topic during these discussions. However, during a fireside chat at the Forum Global conference, U.S. Department of Commerce Deputy Secretary Don Graves and European Commission Directorate-General for Justice and Consumers Acting Director-General Salla Saastamoinen were careful to differentiate the TTC and the ongoing EU-U.S. Privacy Shield talks.

Saastamoinen said they are "parallel exercises," and the TTC is a separate conversation from trans-Atlantic data flows. Graves agreed that he didn't want the conversations to co-mingle. "We're having lots of different conversations on a whole ranges of issues and the TTC, I expect, will have a lot of progress, but our teams have already made a huge amount of progress."

After months of virtual meetings, representatives from the U.S. and European Commission met in Brussels last week to continue the Privacy Shield negotiations in person, where, according to Graves, the negotiators made significant progress.

"We need an enduring solution for Privacy Shield that can serve as that valid transfer mechanism for firms in both the U.S., as well as the EU to make sure there's robust privacy protections that address the CJEU concerns in 'Schrems II,' but also ensures continued availability of that data transfer mechanism," he continued. 

Saastamoinen was equally optimistic but more pragmatic regarding timelines. "We are working, but it will not be a quick fix in the sense that we want a durable solution, and that is actually the lesson that we have learned in the previous rounds," she said.

She emphasized this is a priority for the Commission. "It is in our common interests ... to have the solution that ensures compliance with the EU requirements, nobody wants a 'Schrems III' judgment." Nobody, indeed.