Skip to main content

More than adequate: New directions in International Data Transfer Governance

Page 1

Atlantic Council EUROPE CENTER

ISSUE BRIEF

The Europe Center conducts research and uses real-time analysis to inform the actions and strategies of key transatlantic decisionmakers in the face of great power competition and a geopolitical rewiring of Europe. The Center convenes US and European leaders to promote dialogue and make the case for the US-EU partnership as a key asset for the United States and Europe alike. The Europe Center’s Transatlantic Digital Marketplace Initiative seeks to foster greater US-EU understanding and collaboration on digital policy matters and makes recommendations for building cooperation and ameliorating differences in this fast-growing area of the transatlantic economy.

1.

2.

More than Adequate: New Directions in International Data Transfer Governance JUNE 2023

Kenneth Propp

Executive Summary The US government and the European Union (EU) have made notable recent progress toward putting transatlantic data transfers on a more stable footing. They reached agreement on a new legal framework to replace the Privacy Shield,1 and both signed on to an Organisation for Economic Co-operation and Development (OECD) Declaration on Government Access to Personal Data Held by Private Sector Entities.2 Europe’s distrust of commercial data flows to the United States—a concern ever since former National Security Agency contractor Edward Snowden’s revelations a decade ago about their use as an avenue for US intelligence collection—seems to be less acute, as its attention to Russia and China increases. But it would be a mistake for digital policy makers in Washington and Brussels now to put down their pens and declare the privacy problem solved. The new Data Privacy Framework (DPF) could well be found insufficient by the Court of Justice of the European Union. Even if the DPF survives, the United States and Europe risk drifting further apart in their pursuit of differing visions for the relationship between digital trade and privacy protections. The United States’ inter-

US President Joe Biden and European Commission President Ursula von der Leyen announced the agreement in principle in March 2022. See: “United States and European Commission Joint Statement on Trans-Atlantic Data Privacy Framework,” White House, March 25, 2022, https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/25/united-states-and-european-commission-joint-statement-on-trans-atlantic-data-privacy-framework/#:~:text=Under%20the%20Trans-Atlantic%20Data%20 Privacy%20Framework%2C%20the%20United,to%20ensure%20compliance%20with%20limitations%20on%20surveillance%20activities. On October 7, 2022, Biden signed an executive order establishing a Data Privacy Review Court to be located within the US Department of Justice. See: “Enhancing Safeguards for United States Signals Intelligence Activities,” Federal Register, October 14, 2022, https://www.federalregister.gov/documents/2022/10/14/2022-22531/enhancing-safeguards-for-united-states-signals-intelligence-activities. The European Commission responded on December 13, 2022, by proposing to find transfers to the United States made pursuant to the agreed Data Privacy Framework to be “adequate” for purposes of European Union (EU) law. See: “Adequacy decision for the EU-US Data Privacy Framework,” European Commission, December 13, 2022, https://commission.europa.eu/document/e5a39b3c-6e7c-4c89-9dc7-016d719e3d12_en. “Declaration on Government Access to Personal Data Held by Private Sector Entities,” OECD Legal Instruments, May 13, 2023, https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0487.


Turn static files into dynamic content formats.

Create a flipbook
More than adequate: New directions in International Data Transfer Governance by Atlantic Council - Issuu