Companies Warned To Prepare For Data Transfer Challenges

A new US administration may not necessarily bring with it a new data transfer pact between the EU and the United States, the top EU data protection authority has said.

And experts have warned that 2021 is also likely to bring in fresh challenges to British companies exchanging data with EU organisations, due to a change in the UK’s designation under EU privacy law.

The EU Court of Justice (CJEU), the bloc’s top court, in July struck down a transatlantic data-sharing agreement called Privacy Shield that had been in place since 2016, when it replaced the earlier Safe Harbour arrangement.

The deal allowed companies in the EU – which at the time included the UK – to exchange data with firms based in the US, including, in many cases, their own parent companies in Silicon Valley.

The Court of Justice of the European Communities in Luxembourg. ECJ

Privacy Shield

But the CJEU determined the risk was too great of US government surveillance accessing the personal data of EU citizens.

Since then, companies have been using a mechanism called standard contractual clauses to transfer data around the world.

The EU and the US are working on a successor to Privacy Shield, but European Data Protection Supervisor (EDPS) Wojciech Wiewiorowski warned companies not to expect a resolution in the short term.

“I don’t expect a new solution instead of Privacy Shield in the space of weeks, and probably not even months, and so we have to be ready that the system without a Privacy Shield-like solution will last for a while,” Wiewiorowski told Reuters.

He said a new arrangement could require changes to US national security law and said the new administration may not “take this topic as the most important”.

The European Union is also proposing revisions to standard contractual clauses and Wiewiorowski called the proposals “promising”.

UK data transfers

EU concerns about protecting citizens’ data are also likely to affect data transfers between the EU and the UK in the new year.

The UK continues under the authority of the EU’s GDPR privacy legislation until 31 January, after which it will be designated as a “third country” for EU data protection purposes.

The UK and the EU are negotiating a GDPR equivalency agreement, but in the absence of such a deal UK firms face challenges similar to those in the US in ensuring they can transfer personal data across international borders.

“As crazy as it may seem given that the UK has been part of EU Data Privacy since 1984, when the UK ends its transitionary stage with the EU at the end of the year, it will not automatically retain its GDPR equivalency,” said Darren Wray, chief technology officer at data privacy consultancy Guardum.

He said companies will need to put special contractual agreements in place to carry out such transfers and warned that the validity of such arrangements is “likely to be challenged”.

Legal challenge

Wray noted that in the legal challenges that brought down Privacy Shield and Safe Harbour, the UK was named as a partner in some of the US global surveillance programmes causing privacy concerns.

“This, combined with regulation such as the Regulatory Investigatory Powers Act 2000 (RIPA) which enshrines state surveillance in UK law, means that EU firms will be forced to see the UK as not offering adequate EU data protection,” Wray said.

He said UK organisations should act now to review their international data transfer arrangements and review client and vendor agreements concerning data.

British companies should consider investing in redaction software to automatically remove personal data from documents being sent across borders for processing, Wray said.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

5 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

6 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

6 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

8 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

11 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

11 hours ago