New US- EU Privacy Pact to Enable Free-Flowing Data Transfers

Mishandling transfers of data between the EU and US has been a topic for discussion lately after Facebook owner, Meta was fined 1.2 Billion Euros for infringing Article 46(1) GDPR.

In this case, the Irish Data Protection Commission discovered that the correct contractual clauses (known as standard contractual clauses) prepared by the European Commission containing safeguards were not adequately used. This meant that users’ fundamental rights and freedoms were compromised in the data transfers. 

Since then, a new pact has been agreed between the EU and the US to safeguard data when it is transferred between the two areas to provide stronger privacy protections for users to a standard that is comparable to that of the European Union GDPR regulations.

How Will Data Be Better Protected When Transferred Between the EU and the U.S.?

The privacy pact has been made in line with Article 45(3) of the General Data Protection Regulation (GDPR) which gives the European Commission the power to decide that a non-EU country can provide ‘an adequate level of protection' that is equivalent to the level of protection within the EU. The effect of adequacy decisions such as this is that personal data can flow more freely to the US without further obstacles and without having to implement extra data protection safeguards. 

The Commission had a number of worries about the US government snooping on EU personal data, but, one of the major ways that the new agreement will maintain privacy protection is by introducing new binding safeguards that will handle concerns that the European Court of Justice raises about data protection. 

US intelligent services will have limited access to EU data according to the new pact. Instead, they will only be able to access data if it is necessary and proportionate for national security. There will be a new Data Protection Review Court (DPRC) established which will be dedicated to hearing about serious concerns of data violations and resolving complaints. This means that EU individuals who have had their personal data mishandled by US companies will have free-of-charge independent dispute resolution mechanisms and an arbitration panel if their data was used in a way that goes against the new EU-U.S. Data Privacy Framework. 

How Will the New Pact Affect U.S. Companies?

US companies will be able to join the EU-U.S. Data Privacy Framework providing they can commit to meeting thorough privacy obligations such as deleting data at the point in which it is no longer needed for the original purpose that it was collected and ensuring data protection when passing information to third parties. A failure to comply with the new stricter measures may mean that US companies will be held to account by newly established entities such as the Data Protection Review Court (DPRC). Users will have more ways of addressing concerns when they believe their data has been breached or violated. 

How Can Gerrish Legal Help?

Gerrish Legal is a dynamic digital law firm. We pride ourselves on giving high-quality and expert legal advice to our valued clients. We specialise in many aspects of digital law such as GDPR, data privacy, digital and technology law, commercial law, and intellectual property. 

We give companies the support they need to successfully and confidently run their businesses whilst complying with legal regulations without the burdens of keeping up with ever-changing digital requirements. 

We are here to help you, get in contact with us today for more information.