July 30, 2020

BRUSSELS – Today, an international group of 17 trade associations urged U.S. and European regulators to swiftly begin negotiations on a successor agreement to the EU-U.S. Privacy Shield, which was recently invalidated by the Court of Justice of the European Union (CJEU) in the so-called “Schrems II” case.

In a letter led by the Information Technology Industry Council (ITI) and sent to European Justice Commissioner Didier Reynders, U.S. Secretary of Commerce Wilbur Ross, and European Data Protection Board Chairwoman Dr. Andrea Jelinek, the associations also welcomed the Court’s upholding of Standard Contractual Clauses (SCCs) as a valid transfer mechanism and encouraged the U.S. and EU governments to work together to ensure the long-term viability of SCCs as a tool for companies of all sizes and across industries to transfer data across borders, avoiding further uncertainty and economic harm.

“Cross-border data flows between the U.S. and Europe are the largest in the world and are fundamental to the largest trading relationship in the world, valued at approximately 1.3 trillion U.S. dollars annually,” the associations wrote. “[…] The EU-U.S. Privacy Shield and SCCs are both important mechanisms for international business operations, allowing firms around the world to provide robust assurances on the protection of personal information and enabling the transparent and necessary movement of data seamlessly across borders. The invalidation of Privacy Shield has disrupted these transatlantic data flows, that are central to enabling the U.S. and European economies, and has created legal uncertainty for the more than 5,300 signatories to the EU-U.S. Privacy Shield agreement. Such disruption must be avoided in order to minimize any negative economic consequences, particularly in the wake of the COVID-19 crisis and the economic recovery in both Europe and the U.S.”

The EU-U.S. Privacy Shield agreement was a reliable and secure mechanism used by over 5,300 businesses of all sizes and all business sectors to transfer data from the EU to the U.S. The 16 July ruling by the CJEU invalidated this agreement, leaving many businesses scrambling to find an alternative without interrupting essential business operations.

You can read the full letter here or below.

Joint Industry Letter on Schrems II Case Ruling

Dear European Commissioner Reynders, Secretary Ross, and European Data Protection Board Chairwoman Dr. Jelinek:

As representatives of the global business community, we write regarding the 16 July ruling of the Court of Justice of the European Union in the so-called “Schrems II” case (C-311/18), which invalidated the EU-U.S. Privacy Shield agreement as a mechanism to transfer data between the European Union and the United States. We welcome the Court’s upholding of Standard Contractual Clauses (SCCs) as a valid transfer mechanism. We encourage the U.S. and EU governments to work together to ensure that companies can fully and safely rely on data transfer mechanisms, to ensure the long-term viability of SCCs in order to avoid legal uncertainty and economic harm, in full respect of the Court’s judgement and fundamental rights.

Cross-border data flows between the U.S. and Europe are the largest in the world and are fundamental to the largest trading relationship in the world, valued at approximately 1.3 trillion U.S. dollars annually. Transatlantic data flows account for over one-half of Europe’s data flows and about half of U.S. data flows. The EU-U.S. Privacy Shield and SCCs are both important mechanisms for international business operations, allowing firms around the world to provide robust assurances on the protection of personal information and enabling the transparent and necessary movement of data seamlessly across borders. The invalidation of Privacy Shield has disrupted these transatlantic data flows, that are central to enabling the U.S. and European economies, and has created legal uncertainty for the more than 5,300 signatories to the EU-U.S. Privacy Shield agreement. Such disruption must be avoided in order to minimize any negative economic consequences, particularly in the wake of the COVID-19 crisis and the economic recovery in both Europe and the U.S.

Virtually all industries conducting transatlantic business will be affected by the ruling – especially small and medium-sized enterprises (SMEs), start-ups, and scale-ups. The below signatories and their member companies take their legal commitments to protect the privacy of citizens very seriously when transferring data between the U.S. and Europe. It is important for companies, both large and small, operating in the U.S. and in Europe, to have an instrument that provides durable legal certainty.

We urge policymakers and government stakeholders on both sides of the Atlantic to begin immediate negotiations on a successor agreement that provides a solid legal framework to avoid trade disruptions to EU-U.S. data flows. The EU-U.S. trade relationship is undeniably one of the most critical in the world, and digital services and products are a key underpinning of that relationship. It is crucial for Europe and the U.S. to swiftly negotiate a durable successor agreement to the EU-U.S. Privacy Shield that protects privacy and avoids trade disruptions by enabling seamless transatlantic data flows consistent with fundamental rights.

It is also important that EU data protection authorities provide guidance for companies that were using Privacy Shield to transfer data to allow them to continue business operations until a successor agreement is reached. This should also include a reasonable enforcement moratorium. We urge EU and U.S. officials to provide swift guidance for signatories of Privacy Shield to enable continued business operations and to ensure that consumers will continue to benefit from their products and services, as well as the privacy protections on which they rely.

We thank you for your attention, and we stand ready to work with governments, the business community, and civil society to develop a policy framework that both protects citizens’ personal data and supports the innovation and free flow of data.

Sincerely,

American Chamber of Commerce to the European Union
American Chamber of Commerce to Ireland
ACT | The App Association
Allied For Startups
bitkom
Business Roundtable
Computer & Communications Industry Association
Developers Alliance
France Digitale
Ibec
Information Technology Industry Council (ITI)
National Association of Manufacturers
SIIA
SMEunited
techUK
U.S. Chamber of Commerce
United States Council for International Business

Public Policy Tags: Data & Privacy