US Agrees to Tighten Data Privacy for EU Citizens – But Not Us

We are now a step closer to an agreement announced in principle last year, to replace the now thrown out Privacy Shield. Privacy Shield was the (at least) second try to come up with a solution to sharing data across the pond while protecting EU citizens’ privacy. The last agreement got struck down by the Court of Justice for the European Union, in a decision known as Schrems II, named after activist/lawyer Max Schrems of Austria.

The new proposed regulation would:

• Require US companies to delete personal data when it is no longer necessary for the purpose for which it was collected. Hopefully, they will put some guardrails around that, because companies like Facebook will say that will happen around the 12th of NEVER.
• It also requires companies to ensure the continuity of protection when personal data is shared with third parties.
• While the regulations are not mandatory, it will be mandatory if you want to share data from the EU to the US.
• The proposed framework will also give EU citizens several redress avenues, including access to free dispute resolution and arbitration services.
• It also includes more limitations and safeguards regarding access to the data by US government entities, including law enforcement and national security.
• Finally, the agreement would give the European Parliament a right to scrutinize the adequacy of the controls. The initial review will come one year after the bill becomes law.

While the devil is in the details, hopefully this is the beginning to a permanent solution to data sharing.

Credit: Cybernews

by