New EU-US Data Privacy Framework and OECD Declaration of Common Principles on Government Access: Surviving Schrems?

On December 13, 2022 the European Commission published its draft Adequacy Decision for EU-U.S. data transfers. The draft decision reflects the continued coordination between the EU and U.S. to identify and implement a lasting solution to facilitate international data transfers following the Court of Justice of the European Union’s judgment in Schrems II.

The next day, December 14, 38 OECD countries and the EU announced the adoption of a major international agreement among democratic nations committing to common standards for safeguarding privacy, and assuring transparency, oversight and redress with respect to their governments’ law enforcement and national security data access. OECD Secretary-General Mathias Cormann described the Declaration saying “Today’s landmark agreement formally recognises that OECD countries uphold common standards and safeguards. It will help to enable flows of data between rule-of-law democracies, with the safeguards needed for individuals’ trust in the digital economy and mutual trust among governments regarding the personal data of their citizens.”

The EU’s draft adequacy decision determines that the U.S., through the newly created EU-U.S. Data Privacy Framework, provides comparable safeguards to those of the EU and ensures an adequate level of protection for personal data transferred from the EU to certified organizations in the US. Whilst there is still more to come before organizations can begin to rely on the Framework, this marks a highly anticipated step in that process.

Join OneTrust DataGuidance and Sidley Austin LLP in a discussion with key players in international data transfers, including:

• Bruno Gencarelli, Deputy to the Director – Fundamental Rights and Rule of Law, Head of Unit – International Data Flows and Protection at the European Commission
• Peter A. Winn, Chief Privacy and Civil Liberties Officer at the United States Department of Justice
• Joe Jones, Deputy Director – International Data Transfers at the UK Department for Digital, Culture, Media & Sport

We will examine the European Commission draft Adequacy Decision and the Framework in detail, including the likelihood of it withstanding future legal challenges. The program will further assess the impact of the OECD Declaration, given its stated purpose to promote trust in cross-border data flows among countries sharing democratic values and touch on the pending UK-U.S. adequacy decision.

Key takeaways will include:

• Detailed legal analysis of the European Commission draft Adequacy Decision and the EU-U.S. Data Privacy Framework
• What organizations should know about the Framework’s Principles
• Other internal data transfer developments, including the UK-U.S. adequacy decision and the OECD declaration of common principles
• Next steps in the process and predictions for the future