Until mid-2020, the transfer of personal data between the European Union (“EU”) and the United States of America (“US”) operated under the EU-US Privacy Shield. However, this Privacy Shield was abolished by the Court of Justice of the European Union, which caused a number of problems with the transfer of data to third countries (or the USA).

However, it now appears that this problematic stage may be over, especially as a new framework governing the transatlantic transfer of personal data was presented to EU and US officials on 25 March 2022. This framework aims to restore the legal mechanisms governing the transfer of personal data and thus address concerns that arose with the abolition of the original Privacy Shield. 

In the new framework, the US commits, among other things, to introduce new safeguards that will limit access to personal data by US intelligence services to necessary and appropriate situations related to US national security. They also committed to adopting a new mechanism for EU entities that believe they have been illegally targeted by US intelligence services to seek redress or review of such activity. 

In addition, the new transatlantic framework aims to foster a reciprocal digital economy, to strengthen the privacy and civil liberties protections that apply to US intelligence services and, in particular, to help establish the same level of protection for the personal data of EU citizens in the US as they enjoy under the General Data Protection Regulation (GDPR). 

Author: Jessica Vaculíková, Martina Šumavská