30th Floor, North Tower, Beijing Kerry Centre, 1 Guanghua Road, Chaoyang District, Beijing, 100020
+86 10 8519 0011
50th Floor, Central Plaza, 18 Harbour Road, Wan Chai, Hong Kong
+852 2521 5621
Room 4605, Park Place, 1601 Nanjing West Road, Jing An District, Shanghai, 200040
+8621 6321 1166
Suite 2405, 24/F, SCIA Tower, Qianhai Shenzhen-Hong Kong Modern Service Industry Cooperation Zone of Shenzhen, Shenzhen, 518000
+86 755 6123 5666
Select your language
Please accept the geolocation request appearing in your browser
Find other officesAn influential committee of MEPs is proposing to recommend against the adoption of ‘Privacy Shield 2.0’, a proposed new framework to help businesses transfer personal data from the EU to the US in line with the requirements of EU data protection law.
In December last year, the European Commission published a draft ‘adequacy’ decision endorsing the framework – formally known as the EU-U.S. Data Privacy Framework. That action came after EU and US officials had, earlier in 2022, agreed a deal in principle and US president Joe Biden then signed an executive order giving effect to the commitments made on the US side.
The European Commission is empowered under the EU GDPR to issue adequacy decisions, which effectively declare that a jurisdiction outside of the European Economic Area (EEA) provides an adequate level of protection for personal data.
An adequacy decision is an important determination because the GDPR restricts data transfers outside of the EEA unless the data continues to benefit from an equivalent standard of protection in the jurisdictions to which the data is exported. Where a jurisdiction benefits from an adequacy decision, organisations can transfer data to these places without the need for additional safeguards to be applied.
However, as well as considering the non-binding opinion of the European Data Protection Board (EDPB) and accepting the binding decision of a committee made up of representatives from EU member states, the European Commission must consider the views of the European Parliament on matters of adequacy.
In a recent draft motion for resolution before the Parliament, the Committee on Civil Liberties, Justice and Home Affairs (LIBE Committee) proposed to call on the Commission “not to adopt the adequacy finding”.
Pinsent Masons can help you manage your Schrems II business needs.
The LIBE Committee has provisionally said that Privacy Shield 2.0 “fails to create actual equivalence in the level of protection” and plans to call on the Commission to “continue negotiations with its US counterparts with the aim of creating a mechanism that would ensure such equivalence and which would provide the adequate level of protection required by Union data protection law and the Charter [of Fundamental Rights of the European Union] as interpreted by the CJEU”.
In 2020, the Court of Justice of the EU (CJEU), in the so-called ‘Schrems II’ ruling, invalidated the Commission’s adequacy decision in respect of the original EU-US Privacy Shield after it identified issues associated with the scope US public authorities had to access and use the data transferred to the US from the EU under the framework.
The Schrems II ruling has had major implications for data transfers outside of the EU in general, not just to the US. Privacy Shield 2.0 is, however, a solution EU and US negotiators have subsequently explored for easing compliance burdens in respect of EU-US data transfers.
Data protection law expert Andre Walter of Pinsent Masons previously said there were significant hurdles to be overcome with regard to Privacy Shield 2.0 before the framework could be finalised. He has advised businesses to continue to conduct data transfer impact assessments before transferring personal data outside of the EEA, in line with their post-Schrems II legal obligations.
Contact an adviser
Stay ahead by signing up to our weekly email of news and expert analysis, tailored for you
Data, privacy & cyber
Valid email address
Thanks, we have sent an email to
Please check your inbox to confirm your subscription. The confirmation email may take up to 15 minutes to arrive.
• Check your spam or junk folder
• Ensure your email address was entered correctly.
• You can amend your details and resubmit if required
• If the email has still not arrived, please contact us for assistance
OUT-LAW NEWS
A recent decision by the Court of Appeal in England & Wales highlights that judicial remedies cannot be used to unwind or amend regulated mortgages, an expert has said.
OUT-LAW NEWS
Businesses in Germany face increased risks of mass claims being raised against them if personal data they are responsible for is made available for sale on the ‘dark web’, experts have said following a ruling by the country’s highest court.
OUT-LAW NEWS
The Society of Construction Law (Singapore) rolled out a protocol for using experts’ joint statements.
We use cookies that are essential for our site to work. To improve our site, we would like to use additional cookies to help us understand how visitors use it, measure traffic to our site from social media platforms and to personalise your experience. Some of the cookies that we use are provided by third parties. To accept all cookies click ‘accept all’. To reject all optional cookies click ‘reject all’. To choose which optional cookies to allow click ‘cookie settings’. This tool uses a cookie to remember your choices.
Please visit our cookie policy for more information.
