On 7 October 2022, the White House issued an Executive Order, as well as an accompanying Fact Sheet, which sets out the foundations for the Transatlantic Data Privacy Framework (“Framework”).
Since the decision of the Court of Justice of the European Uon (“CJEU”) in the Schrems II case in mid-2020, organizations have not been able to rely upon the Privacy Shield Framework to transfer data from the European Union (“EU”) and other European Economic Area countries to the U.S. As a result, many have sought to rely on other data transfer mechanisms, the most common being the EU Standard Contractual Clauses (“SCCs”). However, the Framework would allow participating organizations to transfer personal data freely, removing the administrative and commercial burden of the SCCs.
The Executive Order addresses data privacy concerns raised by Schrems II through introducing, among other measures, further safeguards and oversight of personal data collection by U.S. signals intelligence (“SIGINT”) activities and provides individuals with a redress mechanism for their data protection concerns. Although the Executive Order is a positive step forward, welcomed by many, the long-term durability of the Framework remains uncertain, and the Framework is not functional until the European Commission issues an adequacy decision based on the Framework, the timing of which remains uncertain.
Click here to read Ropes and Gray’s Client Alert on the Executive Order.