The EU and US have announced an “agreement in principle” of a new Privacy Shield that will allow the simpler movement of personal data between entities based in the respective jurisdictions.
Since the landmark ‘Schrems II’ decision of 2020, companies wishing to transfer personal data (information identifying an individual, for example concerning employees or customers) from the EU to the US have had to conduct lengthy due diligence exercises to ensure the transfer protects the data being transferred with (most commonly) EU Commission-approved Standard Contractual Clauses having to additionally be agreed and executed between the parties.
When the new Privacy Shield becomes a reality, this will likely no longer be necessary and should encourage, rather than deter, EU-US cross border commercial relationships.
For the time being though, additional safeguards must be implemented before such transfers can legally take place, including a due diligence exercise and Standard Contractual Clauses. The same applies for transfers of personal data from the UK to the US, though it is believed that a similar understanding between these countries is also a priority for the future.
If you would like to discuss the above in more detail or require data protection advice for your business generally, please get in touch.
Madeleine Rhodes email: MRhodes@redfernlegal.com