On 25 March 2022, the European Commission and the United States announced they had reached an agreement on a new Trans-Atlantic Data Privacy Framework. The purpose of the new Framework is to reinforce protection of privacy for individuals in the EEA when their data is transferred to the US. It comes in the wake of the European Court of Justice Schrems II decision, which declared the previous EU-US ‘privacy shield’ mechanism invalid (for more detail see here).
The European Data Protection Board (EDPB) issued a statement welcoming this announcement. In it, the EDPB welcomes the ‘unprecedented’ measures the US will implement to protect the data of EEA-based individuals when it is transferred to the US. It sounded a note of caution however, stating that the announced agreement did not amount to a legal framework for the transfer of data from the EEA to the US, and that it awaited concrete legal proposals to implement it. In the meantime, data exporters must ensure that any transfer complies with the principles outlined in the European Court of Justice ruling in Schrems II.
The Trans-Atlantic Data Privacy Framework announcement is here.
The European Data Protection Board statement is here.
for more information about employee data privacy