Earlier today, European Commission President Ursula von der Leyen announced that the European Union has reached an agreement in principle with the U.S. regulating trans-Atlantic data flows.
This news comes almost a year and a half since the invalidation of the EU-U.S. Privacy Shield by virtue of the landmark Schrems II judgment. You can read more about Schrems II here.
Speaking at joint press conference with U.S. President Joe Biden, von der Leyen has said that this new Privacy Shield deal will “enable predictable, trustworthy data flows between the EU and the U.S., safeguarding privacy and civil liberties”.
Despite the fact that no legal text has yet been published, the announcement has already been the subject of much scepticism. Max Schrems, the lead litigant in the Schrems II case, has said that “If it is not in line with EU law, we (noyb) or another group will likely challenge it. In the end, the Court of Justice will decide a third time. We expect this to be back at the Court within months from a final decision.”
In a Factsheet issued by the European Commission earlier this afternoon, it is hinted that the promulgation of a new set of rules and binding safeguards to limit access by U.S. intelligence authorities is a key aspect of this Privacy Shield 3.0. Additionally, it appears that a new two-tier redress system specifically aimed at resolving complaints on transborder data flows will be set up, which system will also include the setting up of a Data Protection Review Court.
We are yet to see what the details of the legal documents will hold – watch this space for developments!