RAIN Advisory — June 2022
In July 2020, the Court of Justice of the European Union (EU) invalidated the EU-U.S. Data Protection Shield under the verdict “Schrems II,” due to concerns over the potential for surveillance by U.S. government agencies. Prior to Schrems II, U.S. companies relied on this Privacy Shield to conduct trans-Atlantic data transfers in compliance with the EU’s General Data Protection Regulation (GDPR). On March 25, 2022, the EU Commission and the U.S. government proposed the new “Trans-Atlantic Data Privacy Framework” (TADPF) to address concerns raised by the Schrems II decision. Separately, in December 2020 the European Parliament and Commission also proposed the Digital Services Act (DSA) and the Digital Markets Act (DMA), which, respectively, seek greater accountability for online platforms, including regarding illegal and harmful content, and implement new standards that regulate business practices to create greater market competition. RANE spoke with Constantine Karbaliotis, Counsel at nNovation LLP., and Matthew Bernstein, Founder and Information Governance Strategist at MC Bernstein Data, to better understand how businesses can navigate increasing regulations on the transfer and processing of consumer personal data. Additionally, the experts will provide an introductory review of two critical new EU regulations on ‘Big Tech’.
WHAT TO KNOW
The above legislation highlights two main tracks of EU regulation. In the first, an evolving trans-Atlantic framework regulates the management and transfer of customer data between the United States and Europe. The main EU concern is that U.S. intelligence agencies have too much access to personal data. The second is about protecting EU consumers from harmful content and seeks to bring more competition to a market that has been traditionally dominated by a few large, U.S-based companies. Although related in some ways, they have different objectives. While data privacy has historically been more regulated in Europe than in the United States, more recently, the U.S. federal and state governments have been developing more legislation to improve consumer data protection and increase digital market competition. Armed with greater resources, regulators have begun to look at areas where personal data plays a role in commerce, as seen with the following regulation.