EuroCommerce and NRF Welcome Adoption of Adequacy Decision for Transatlantic Data Privacy Framework
Press release - Digital, Technology & Payments
BRUSSELS, July 11, 2023 – EuroCommerce and the National Retail Federation today welcomed the announcement by the European Commission regarding the adoption of the adequacy decision for the EU-U.S. Data Privacy Framework.
Christel Delberghe, Director General of EuroCommerce, which represents retailers and wholesalers in Europe, said: “The new EU-U.S. Data Privacy Framework will provide EU citizens with adequate redress in the U.S. with the creation of the Data Protection Review Court. The new framework introduces EU-based concepts of necessity and proportionality which further strengthens protection of personal data of EU citizens in the U.S. This provides European retailers that process data in the U.S. with the necessary safeguards to be sure that the personal data is adequately protected.”
“U.S. retailers have long supported the adoption of a reliable and legally valid transatlantic data transfer mechanism that allows them to serve their customers in the EU while maintaining the highest data protection standards,” NRF President and CEO Matthew Shay said. “The European Commission’s announcement today reflects years of hard work on the part of the EU and U.S. governments to re-establish a legally valid data privacy framework that provides safeguards for consumers’ personal data transferred to the U.S. that are equivalent to those in the EU.”
In April, EuroCommerce and NRF released a white paper on the Commission’s draft adequacy decision and urged institutions on both sides of the Atlantic to swiftly adopt and implement the framework. The analysis showed that the new framework would ensure legal certainty and provide a durable, long-term mechanism to overcome the legal challenges that had invalidated the EU-U.S. Privacy Shield, the previous transatlantic data transfer framework.
NRF and EuroCommerce have worked collaboratively on EU data privacy and transatlantic data flows issues since 2016, holding annual joint meetings with EU officials with the goal of developing approaches to safeguard consumers’ data while fostering regulatory certainty for transatlantic retailers. The previous Privacy Shield was struck down by the Court of Justice of the European Union, the EU’s highest court, in its July 2020 ruling in the Schrems II case. That ruling came only four years after the Shield replaced an earlier U.S.-EU Safe Harbor Agreement on transatlantic data flows rejected by the same court in 2015 in the original Schrems decision.
Since 2020, standard contractual clauses approved by the European Commission have served as an alternative for businesses transferring data between the U.S. and the EU. Nonetheless, conditions set by the court on their use and supplementary measures recommended by the European Data Protection Board have made it more challenging and less predictable for retailers to rely on the clauses after Schrems II.