Greetings from Portsmouth, NH.

It is hard to believe that today is the 19th anniversary of the 9/11 terrorist attacks. Until recently, no other event in the 21st century dramatically altered the core of the U.S. more than this one. Of course, now we are in the midst of another life-altering moment in time, as the COVID-19 pandemic continues to take its toll on the world. I don’t think I can add much more than what has been, and will be, said about these events. I simply believe we should mourn everyone who lost their lives in these terrible tragedies.

It’s not a groundbreaking sentiment I know, but in this time of hyper-politicization, sometimes we need to slow down and remember that those statistics we see roll over and over again are people. They had families, lives, hopes and dreams that were taken too soon. We shouldn’t forget that either.

As hard as it can be at times with all that’s happening around us, developments in the privacy world continue unabated.

Clearly, the impact of the Court of Justice of the European Union “Schrems II” ruling continues to resonate. This week it was leaked to the media that the Irish Data Protection Commission ordered Facebook to stop all data transfers from the EU to the U.S. Not wasting any time, Facebook filed an appeal with the High Court of Ireland, arguing the DPC made its decision before it received guidance from the European Data Protection Board. No doubt, this is another step in what will likely be a protracted legal process. 

My colleague Angelique Carson covered the reactions from privacy professionals after the DPC’s order came down, which you can read below. Significantly, Morrison & Foerster Partner Miriam Wugmeister noted, while the primary focus has been on what companies need to do to operate in the post-“Schrems II” world, the pressure really should be on the EU and U.S. governments to negotiate a political solution to lessen the level of confusion around such a complex topic.

Perhaps one will come out of the talks between the U.S. Department of Commerce and the European Commission. As you may remember, the two sides announced last month they have initiated discussions on an “enhanced” EU-U.S. Privacy Shield framework after the CJEU invalidated it in July, but negotiations will take time. There have been other potential solutions, as well. Last month, Kenneth Propp and Peter Swire offered thinking around how to deal with judicial redress for EU citizens in the U.S. legal system. Marc Zwilleinger, Mason Weisz and Kandi Parsons also recently shared thoughts on how to supplement standard contractual clauses in light of U.S. surveillance law. 

Interestingly, Phil Lee and his team at Fieldfisher conducted a survey on how privacy pros are handling data transfers post-"Schrems II." He sheds light on the apparent dissonance between the current law and the on-the-ground reality businesses are dealing with each day. There are some interesting results — perhaps most notably, 75% of those surveyed said a majority of their data processors are U.S.-based, but only 12% indicated they would reduce their non-EEA/non-U.K. exports as a result of "Schrems II." 

Navigating the data transfer waters will be as challenging as sailing the Atlantic during hurricane season, especially while the U.S. goes through a contentious election. It's safe to say we won't see additional surveillance reform in the U.S. any time soon, but there will be plenty of legal proceedings, negotiations and tough decisions ahead. 

Stay strong. Stay safe.