WASHINGTON/BRUSSELS – Today, global tech trade association ITI issued the following statement in reaction to the decision from the Court of Justice of the European Union (CJEU) in the so-called “Schrems II” case to invalidate the EU-U.S. Privacy Shield, causing significant legal uncertainty for all businesses on both sides of the Atlantic.
ITI also urges EU and U.S. policymakers to begin negotiating a successor agreement to the EU-U.S. Privacy Shield that addresses the concerns raised by the CJEU’s ruling and to adopt a strengthened and durable framework that is consistent with EU data protection rules manifested under the General Data Protection Regulation (GDPR) and other applicable laws and based on a thorough appreciation of the current applicable legal frameworks in both the U.S. and the EU.
ITI’s President and CEO Jason Oxman issued this statement about the decision:
“In addition, the decision unfortunately adds another obstacle to recovery at a time when we are all working to combat the COVID-19 pandemic and facilitate an economic revival. Cross-border data flows play an essential role in enabling that recovery, and striking down the EU-U.S. Privacy Shield removes an important mechanism allowing companies to protect privacy while transferring data.”
Many businesses – especially small and medium-sized enterprises (SMEs) – rely heavily on Privacy Shield to transfer data across the Atlantic. ITI therefore urges EU and U.S. officials to provide immediate guidance for signatories of Privacy Shield to enable companies to continue business operations and ensure that consumers will continue to benefit from their products and services, as well as the privacy protections on which they depend.
While Standard Contractual Clauses (SCCs) have not been invalidated, the ruling casts doubt upon the reliability of this mechanism depending on the specific situation of each third country where the data transfer is directed, creating uncertainty for businesses.
In this crucial moment, it is also important that EU data protection authorities adopt a fair and reasonable approach to enforcement, and ideally a moratorium, to allow for a transition period for companies to align their data practices as necessary.
ITI stands ready to work with governments, the business community, and civil society to develop policy frameworks that protect citizens’ personal data, while supporting the innovation and free flow of data.