Privacy Shield 2.0 is the result of more than 12 months of negotiations between Europe and America and comes in the wake of two previous rejections of transatlantic data transfer agreements by the European Union.
But what is Privacy Shield 2.0 and what will it mean for businesses?
Increased protection for EU citizens
One of the most significant aspects of Privacy Shield 2.0 is the improved privacy protection it affords EU citizens, as it restricts US intelligence activities to those that are deemed ‘necessary’ and ‘proportionate’.
The new framework also provides a means by which EU residents can take action if they think they are being unnecessarily targeted.
In addition, any complaints made will be taken to an independent data protection review court staffed by individuals not in the employ of the US government. It is this court that will ultimately be able to decide if the use of private data by intelligence officials is necessary or if it was unlawful.
How do businesses view the change?
Many companies that have operations straddling both Europe and the United States seem to be reacting favorably to the news of Privacy Shield 2.0.
It isn’t set in stone
Although Biden signed the Executive Order, the Privacy Shield cannot yet be implemented as the European Commission needs time to evaluate the new framework and issue an adequacy decision. This decision would recognize the protective benefits and suitability of Privacy Shield 2.0 and would certify its ability to provide similar levels of protection to EU data privacy laws.
A draft decision is in the pipeline, with the Commission stating that it feels the Shield will “provide a durable and reliable legal basis for transatlantic data flows”. However, there are others who feel that the safeguards set out in Privacy Shield 2.0 will not satisfy the requirements of EU law.
Among these dissenters is Max Schrems, who serves as the Chair of noyb.eu, which campaigns vociferously for robust data privacy protections. Schrems issued a statement in which he declared that this deal may be “purely political” and explains that, “if it is not in line with EU law, we or another group will likely challenge it.” He went on to state that, “it is regrettable that the EU and US have not used this situation to come to a ‘no spy’ agreement, with baseline guarantees among like-minded democracies.”
Only time will tell whether Privacy Shield 2.0 will be approved and implemented. This development comes as no surprise as cyber threats and privacy breaches regularly make headlines.
It is, therefore, of utmost importance to take necessary precautions on our devices and prevent malicious agents from gaining access to our sensitive information. If it does leak out, becoming acquired by data brokers who can use it for their own gain, subscribing to automated data removal services can help us regain control over our personal information.