Shreve Speaks to National Law Journal on Transatlantic Data Privacy Protection

Cybersecurity, Privacy and Data Governance Chair James Shreve shared his insight with the National Law Journal on a new Data Privacy Framework agreed to by the European Commission this month. The article, “U.S. Lawyers Hope for Longer-Term Solution in Wake of Transatlantic Privacy Deal,” was published on July 17, 2023.

The publication reports that the deal is the third such agreement which allows the transfer of Transatlantic data with certain safeguards. The first cross-border data transfer deal dates back to 1995. It allowed for transfer, but required “adequate protection” of the data being moved. The subsequent “Safe Harbor” arrangement was created in 2000 to smooth out details and was the model for 15 years, before being struck down by the European court.

“I’m a little concerned that the process keeps playing out in the same way; are we willing to go through this a fourth time or are people going to lose confidence?” asked Shreve in the article. He went on to say that the trillion dollar business of data transfer between the two continents needs something stable for businesses to rely on. “If these agreements keep getting struck down then they can’t depend on it.”

The National Law Journal reports that efforts to implement a successor to Safe Harbor were all met with European court challenges.

The new agreement has already been challenged, but the publication says there’s cautious optimism among U.S. and EU lawyers that the Privacy Framework may survive.

That hope is coming in part from rapidly evolving data privacy laws in the states in the U.S. where state-level privacy requirements are starting to match Europe’s General Data Protection Regulation, or GDRP.

“In past challenges to the transfer regimes, there had been more focus on substantive provisions of U.S. privacy law… but it’s somewhat different now because we have state laws,” said Shreve, noting compliance now requires similar steps no matter what side of the Atlantic you’re on.

Still, Shreve pointed in the article to votes from the European Parliament which showed hesitation with Privacy Framework earlier this year. And while it was the EU Court of Justice who okayed the effort last week, the same body struck the previous two deals and it’s unclear if that girding will survive another assault.

“I don’t think anyone is holding their breath that this new framework necessarily will survive challenge,” said Shreve.