31. The EU–US Data Protection Framework: Balancing Economic, Security and Privacy Considerations
- Author:
- Federica Marconi
- Publication Date:
- 09-2023
- Content Type:
- Commentary and Analysis
- Institution:
- Istituto Affari Internazionali
- Abstract:
- The rapid evolution of digital technology has ushered in a data-centric economy, where data accessibility drives marketplace efficiency and economic growth across various industries. However, this shift, while offering numerous benefits, introduces significant privacy and data security challenges, particularly in the context of transatlantic data transfers. Considering the vast economic ties between the EU and the US, the transatlantic data flow vividly illustrates the complexities involved in governing and transferring data. It grapples with the ongoing challenge of striking a satisfactory balance between economic advantages stemming from data utilisation and various concerns pertaining to national security, digital sovereignty and individual rights. In recent years, the European Commission approved two different frameworks on transatlantic data flow – Safe Harbour in 2000[1] and Privacy Shield in 2016[2] – asserting that the US provided a level of data protection for data transfers essentially equivalent to that guaranteed in the EU. However, despite initial optimism, both adequacy decisions faced a significant setback when the Court of Justice of the European Union invalidated them in what is commonly referred to as the “Schrems saga”,[3] named after the Austrian activist who first challenged both frameworks before the European Court. The core arguments centred on the absence of adequate safeguards for personal data within US domestic law and the extent of state surveillance over such data when it was transferred, as initially disclosed by Edward Snowden in 2013.[4] This legal development led to a period of significant uncertainty and further heightened the ongoing debate concerning the regulation of transatlantic data transfer. To address the consequences of this legal turmoil, both EU and the US committed to establishing “a renewed and sound framework for transatlantic data flows”,[5] seeking a long-term solution to address the complexities of data privacy and security, eventually leading to the recently adopted EU–US Data Privacy Framework (“DPF”).
- Topic:
- Security, Economics, Political Economy, European Union, Privacy, Transatlantic Relations, and Digital Policy
- Political Geography:
- Europe and United States of America