On July 17, AmCham Hungary cosigned a multi-industry letter to the US Department of Commerce initiated by the US Chamber of Commerce to encourage stakeholders to develop a new mechanism for cross-border data transfers following the European Court of Justice’s decision in Data Protection Commissioner v Facebook Ireland, Maximillian Schrems (“Schrems II”).
On July 16, the Court of Justice of the European Union invalidated Decision 2016/1250 on the adequacy of the protection provided by the EU-US Data Protection Shield. The court says the requirements of US national security, public interest and law enforcement have primacy, thus condoning interference with the fundamental rights of persons whose data are transferred to that third country. In addition, mechanisms in the EU-US Privacy Shield ostensibly intended to mitigate this interference (such as an ombudsperson role to handle EU citizens’ complaints) are not up the required legal standard of ‘essential equivalence’ with EU law.
The EU Commission's decision on standard contractual clauses for the transfer of personal data to processors established in third countries is still valid thus the transatlantic data flows can continue based on the broad toolbox for international transfers provided by the GDPR. The organizations behind the letter believe a new sustainable and stable mechanism is pivotal to transatlantic business and encourage stakeholders in the US and the EU to negotiate and find a solution to this issue swiftly. Below you can read the full letter.
The Honorable Wilbur Ross
U.S. Department of Commerce
1401 Constitution Avenue, Northwest
Washington, DC 20230
Dear Secretary Ross,
The undersigned associations represent thousands of U.S. companies of all sizes and from a broad range of industry sectors. Despite the many differences in the products and services we create and in the customers we serve, we are united by the need to transfer data across international borders. We are writing in relation to yesterday’s Court of Justice of the European Union (“CJEU”) decision striking down the EU-U.S. Privacy Shield, a vital legal mechanism used to transfer data between the U.S. and the EU, upon which small and medium sized businesses rely heavily.
We are pleased the CJEU upheld the validity of Standard Contractual Clauses, which remain an important, privacy protective mechanism for transferring data. However, the Privacy Shield also plays a critical role for many of our members — and for the country. Since 2016, the Privacy Shield has provided an important legal basis for data transfers, which also includes important commitments on the protection of personal information.
More than 5,300 U.S. companies use the Privacy Shield, and those businesses contribute significantly to the nearly $1.1 trillion in total U.S. trade in goods and services with the European Union. Companies in the automotive, retail, hospitality, logistics, health care, manufacturing and human resource management fields are all certified to the Privacy Shield Program. Small and medium sized businesses account for more than 70% of Privacy Shield participants.
The effects of Thursday’s decision reach far beyond the more than 5,300 Privacy Shield-certified companies. Indeed, Privacy Shield certified companies have suppliers of goods and services, comprising a network of tens of thousands of additional companies, all of which indirectly rely upon Privacy Shield. The decision also comes at a particularly precarious time for American businesses, as the COVID-19 pandemic has led many to use remote services and rely on the ability to move data across the globe.
We strongly encourage you and your colleagues in the Administration to work collaboratively with your EU counterparts to develop a stable and sustainable mechanism for companies to transfer data between the European Union and the United States. It will be important for regulators to ensure data transfers can continue while a new agreement is under discussion. Together, these efforts will enable businesses in the United States to continue as leaders in the global economy.
We and our members stand ready to work with you on these important issues.
ACT | The App Association
AmCham Czech Republic
AmCham The Netherlands
American Chamber of Commerce Ireland
American Chamber of Commerce in Italy
American Chamber of Commerce in Sweden
American Chamber of Commerce to the European Union (AmCham EU)
American Council of Life Insurers
British American Business
Biotechnology Innovation Organization (BIO)
BSA | The Software Alliance
Coalition of Services Industries (CSI)
Computer & Communications Industry Association
Computing Technology Industry Association (CompTIA)
Global Data Alliance Internet Association
Information Technology Industry Council (ITI)
National Association of Manufacturers
National Retail Federation
Small Business & Entrepreneurship Council
U.S. Chamber of Commerce
U.S. Council for International Business