TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

The Privacy Advisor | Reynders announces European Commission's latest international data transfer plans Related reading: European Commission adopts EU-US adequacy decision

rss_feed

""

""

Since taking on the role of European Commissioner for Justice in 2019, Didier Reynders said a top priority was developing a new trans-Atlantic framework for data transfers following the invalidation of the EU-U.S. Privacy Shield. With the EU-U.S. Data Privacy Framework now in place, Reynders is widening the scale of the EU's efforts on data flows.

On the keynote stage at the IAPP Europe Data Protection Congress 2023 in Brussels, Reynders highlighted a conference being planned for next year that will bring together the EU and adequacy partners on a global level. No formal date has been announced, but Reynders indicated plans for a "conference" with existing and likely prospective EU adequacy partners.

"Adequacy is not an end point, but a means for building even more convergence over time. Having a growing group of countries benefitting from an adequacy decision also creates a multiplier effect and new opportunities for them within this network," he said.

The European Commission has "several" adequacy decisions "with like-minded partners" in the works, Reynders said. Brazil is among those countries and Reynders plans to travel to the country soon for expected negotiations.

"We must continue to work with international partners towards safe and free data flows," Reynders said. "Cooperation towards a safer digital future is not a choice, but a necessity."

In comments during a preceding DPC panel, European Commission Head for International Affairs and Data Flows Bruno Gencarelli alluded to a potential plan to explore the "network effect of adequacy." Referring to the how the EU adequacy decision with South Korea opened up a free flow of data for "20 other jurisdictions," Gencarelli said a network is "more and more a legitimate demand for instruments that cover a critical mass of jurisdictions."

Active agenda

Reynders surprised DPC attendees with a swath of data transfer revelations beyond the plans for an international adequacy summit.

He said a first-of-its-kind proposal for an adequacy decision regarding data transfers to an international organization is on the cusp of completion while there is ongoing dialogue with the California Privacy Protection Agency on granting adequacy to the U.S. state under the California Consumer Privacy Act's equivalence to the EU General Data Protection Regulation.

Additionally, a European Commission report evaluating the 11 existing adequacy decisions is on the horizon. Reynders said the report is expected to be published "in the coming weeks."

Reynders appeared to show less optimism regarding EU-U.K. adequacy. The potential for the European Commission to revisit its U.K. adequacy deal is not out of the question, he said, in light of anticipated reform to the U.K. General Data Protection Regulation.

"It's very important to verify if there are some changes in the U.K. that those changes will be in full compliance again with the GDPR," Reynders said.

U.K. Parliament was recently alerted in "The King's Speech" that ministers will soon reintroduce the Data Protection and Digital Information Bill (No. 2)

EU-US DPF confidence

With the EU-U.S. transfer agreement, Reynders said the DPF represents a "stable mechanism for data transfers to the U.S." that addresses concerns of the Court of Justice of the European Union that led to the invalidation of the preceding EU-U.S. Privacy Shield.

He said the "stability and effectiveness" of the DPF is relied upon by 2,500 companies that certified adherence with the U.S. Department of Commerce, as well as "tens of thousands of companies that rely on the DPF safeguards related to national security to transfer data across the Atlantic every day."

Reynders and Gencarelli each used their time at DPC to tout the progress of the DPF implementation process, which continues to move forward with adoption of both business and U.S. government requirements. The U.S. Department of Justice recently unveiled the appointments to the independent Data Protection Review Court, established under the DPF for proper redress on individual claims of improper access to non-U.S. persons data by the U.S. intelligence community.


Approved
CDPO, CDPO/BR, CDPO/FR, CIPM, CIPP/A, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPT, LGPD
Credits: 1

Submit for CPEs

Comments

If you want to comment on this post, you need to login.