In July of 2023, the European Commission officially put forward its adequacy decision that would adopt the EU-U.S. Data Privacy Framework. This framework better connects European and American organisations that opt in for data-sharing purposes, holding them liable under the Federal Trade Commission and the U.S. Dept. of Commerce. On October 12th, the General Court denied a French appeal to halt this framework.
The Data Privacy Framework & UK Data Bridge
The Data Privacy Framework works by allowing organisations in the EU and U.S. to opt into a data-sharing agreement. Data management is a big concern for the EU, as evidenced by policies like GDPR that changed how sites across the world operate. Even states no longer in the EU, namely the UK, have joined an expansion of the Data Privacy Framework via the UK-U.S. Data Bridge.
Like the EU’s biggest economies, the UK is home to massive websites that process a lot of data, including financial details. The importance of the UK’s online entertainment sector was likely considered in the Data Bridge expansion. Many iGaming sites, which handle copious amounts of user information, are based in Great Britain. Those online casino bonuses in the UK have made it a popular industry on the island, and the sites that host them take great measures to keep user data safe. In the EU, Malta has the same reputation and data-protection stringency when it comes to online industries like iGaming.
AdvertisementThe recent Data Privacy Framework marks the third attempt by the EU to form a data-protection pact with the U.S. Previous attempts – 2000’s U.S.-EU Safe Harbor and 2016’s U.S.-EU Privacy Shield were both dropped by the Court of Justice of the European Union. This was prompted by challenges from Austrian lawyer and data privacy activist Max Schrems, adjudicated by the Schrems I and Schrems II rulings. After the CJEU rejected prior agreements, both the EU and the U.S. have carefully negotiated the framework with Schrems’ court-upheld concerns in mind. Part of this process was Executive Order 14086, signed on the American end of negotiations to pave the way for the framework and Britain’s data bridge.
EU General Court Upholds the Data Privacy Framework
Unlike the two previous attempts to establish a data-sharing agreement with the U.S., it was French MEP Philippe Latombe who first challenged the framework. This came after the July adequacy decision that renewed the EU’s participation in the agreement. Latombe’s challenges sought a suspension of the framework and a review of the agreement text’s content for legality. Part of Latombe’s complaint was that EU countries were informed in English only and not published across sources like the Official Journal.
In rejecting Latombe’s challenges, the General Court stated that they do not prove individual or collective harm that stems from the agreement, as was the case in Schrems I and Schrems II. While Latombe’s filings for suspension have been rejected, Max Schrems and his non-profit organisation NOYB have announced they also plan to challenge the framework. Unlike Latombe, their challenge is likely to concern digital rights, and their track record indicates that the Data Privacy Framework will be held to high scrutiny.
The EU Commission just presented a "new" "Trans-Atlantic Data Privacy Framework" #TADPF with the USA – which is largely a copy of #PrivacyShield.
noyb will challenge the decision.https://t.co/EmSH1Q90YA
— noyb (@NOYBeu) July 10, 2023
So, it seems that the Data Privacy Framework has to withstand a further challenge in the near future. While oncoming legal battles could disrupt the framework, challenges to new policy are a healthy way to solve any concerns that parties may have. By giving these challenges their day in court, the EU can then arrive at a policy that satisfies all parties, including the public. Given the importance of data in the modern day, there’s no doubt that some kind of agreement will emerge in the future, either as the Data Privacy Framework or a future iteration.