US President Joe Biden signed an executive order this month to implement the EU-US data privacy framework known as Privacy Shield 2.0.
Privacy Shield 2.0 recreates a legal way for personal data to flow from the USA to Europe. The executive order comes after more than a year of talks between US and European negotiators.
In addition, Privacy Shield 2.0 follows two previous transatlantic data transfer agreements rejected by the European Court of Justice – one in 2015 and the other in 2020.
To better understand what the new data privacy framework means for businesses, it’s helpful to know how and why Privacy Shield 2.0 came about in the first place.
Below is a timeline of the events leading up to the signing of the executive order, followed by an analysis of how the framework has helped companies.
Privacy Shield 2.0: Chronology of events
- 2000: The United States and the European Union established the Safe Harbor Framework to protect data transfers between the United States and Europe.
- 2013: Edward Snowden blew the whistle on a mass surveillance program in the United States called PRISM.
- 2014: European privacy activist Max Schrems files a complaint against Facebook with the Irish Data Protection Commissioner. The case is known as Schrems I.
  - European privacy laws prohibit the transfer of data to countries outside the European Union unless the company can ensure adequate protection.
  - The original complaint was dismissed and the decision was appealed to the European Court of Justice.
- 2015: The Court of Justice of the European Union rules that the Safe Harbor framework between the US and the EU is no longer sufficient because of the PRISM surveillance programme.
  - The ruling means the transfer of personal data between the European Union and the United States is no longer allowed.
- 2016: The United States and the European Union establish another data transfer agreement called the Privacy Shield.
  - The agreement remained in place for four years before another case, known as Schrems II, was brought by Schrems.
- 2020: Schrems wins his second case. The European Court of Justice struck down Privacy Shield 1.0 after ruling that US surveillance programs went beyond what was necessary and proportionate.
- 2022: On March 25, US President Joe Biden and European Commission President Ursula von der Leyen sign a political agreement on a new framework for data privacy across the Atlantic. The deal is referred to as Privacy Shield 2.0.
- 2022: On October 6, President Biden signed an executive order to implement Privacy Shield 2.0.
The new transatlantic data privacy framework agreement between Biden and von der Leyen promises to implement new safeguards to ensure that US intelligence activities are “necessary and proportionate in pursuit of objectives that challenge national security.”
The new framework would also allow EU citizens to take action if they believe US intelligence activities are unlawfully targeting them.
Privacy Shield 2.0 allows EU citizens to submit privacy complaints to a Data Protection Review Tribunal composed of individuals outside the US government. The Court of Review has the final decision on the legal use of the data.
What does Privacy Shield 2.0 mean for businesses?
Many companies with a presence in the US and Europe support Privacy Shield 2.0, which renews a $7.1 trillion data protection relationship.
Meta is one of those companies, which is ironic considering that Facebook’s handling of personal data is what broke the old framework.
Nick Clegg, Meta’s Head of Global Affairs, says on Twitter (in response to the news of Biden signing the executive order):
“We welcome this update to US law that will help preserve an open internet and keep families, businesses and communities connected, wherever they are in the world.”
Personal data is highly valuable to companies that have advertisers using said data, so it’s not surprising that Meta would prefer to open the data pipeline again.
US companies running ads on Facebook may benefit from being able to serve European customers more personalized ads.
To this end, the framework may help all US-based companies operating abroad. Data is the lifeblood of any successful marketing and advertising campaign, and American companies can now legally collect more data from their European audience.
Linda Moore, President and CEO of TechNet Industry Group, also announces support for Privacy Shield 2.0:
“We commend the Biden administration for taking positive steps to ensure efficient and effective data flows across US and European borders and we will continue to work with the administration and members of Congress of both parties to pass a federal privacy law.”
To explain what this framework means to companies, it is important to point out what they might lose without a data privacy agreement.
Mikołaj Barczentewicz, Senior Researcher at the International Center for Law and Economics (ICLE), highlights the implications of delaying the agreement further:
“It is imperative that an agreement on an effective privacy shield be reached urgently, as EU citizens already face the prospect of losing access to services such as Google Analytics and Facebook, not to mention potential disruption to financial services such as insurance and payments networks.
What will be crucial is that the US proposal addresses the two sides the EU expects to cover: redress for EU citizens and guarantees that US data-monitoring practices are “necessary and proportionate”. We can hope that the EU courts will be reasonable, but litigation is certain.”
What happens next?
The executive order signed by President Biden will now be submitted to the ratification process by the European Commission.
There is no telling how long the process will take, as the executive order could face legal challenges in Europe.
We will continue to follow this story and provide an update when more information becomes available.