> There’s a new EU-US data framework that’s expected to be ratified within a year which should make EU-US transfers possible again under new guidelines.
Black Books (S01E01) put it best:
> NICK VOLEUR: This new system, it's very closely modelled on the old system, isn't it?
> BERNARD BLACK: I'd go further than that, Nick, I'd say it was more or less exactly the same[.]
Given the US side of said framework is established by executive order[1] and the “court” it creates is part of the executive (much like the “ombudsperson” office that the CJEU struck down Privacy Shield over), it’s unclear if it will work, or if the Commission (an executive body who can establish these things but is subject to judicial review) is setting itself up for a Schrems III another ten years down the line for foreign-relations reasons. The EU privacy regulator very politely said it was dubious[2], while the relevant parliamentary committee[3] and later the full parliament[4] expressed open scorn.
The US diplomats, for their part, are trying for a “you too” defence[5]—which might well be factually true to some extent, just does not change anything about EU law.
> Its possible this fine was intended to pre-empt the passing of any new frameworks and cash in on the uncertainty in the interim.
As the legal basis for a transfer is fixed at the time it’s performed, a framework cannot be retroactive (but “the Commission was wrong, the transfers weren’t lawful after all” decisions can be). So while the FUD may be real, the case could just as well have been decided after the new framework had been passed.
Black Books (S01E01) put it best:
> NICK VOLEUR: This new system, it's very closely modelled on the old system, isn't it?
> BERNARD BLACK: I'd go further than that, Nick, I'd say it was more or less exactly the same[.]
Given the US side of said framework is established by executive order[1] and the “court” it creates is part of the executive (much like the “ombudsperson” office that the CJEU struck down Privacy Shield over), it’s unclear if it will work, or if the Commission (an executive body who can establish these things but is subject to judicial review) is setting itself up for a Schrems III another ten years down the line for foreign-relations reasons. The EU privacy regulator very politely said it was dubious[2], while the relevant parliamentary committee[3] and later the full parliament[4] expressed open scorn.
The US diplomats, for their part, are trying for a “you too” defence[5]—which might well be factually true to some extent, just does not change anything about EU law.
> Its possible this fine was intended to pre-empt the passing of any new frameworks and cash in on the uncertainty in the interim.
As the legal basis for a transfer is fixed at the time it’s performed, a framework cannot be retroactive (but “the Commission was wrong, the transfers weren’t lawful after all” decisions can be). So while the FUD may be real, the case could just as well have been decided after the new framework had been passed.
[1] EO 14086, https://www.federalregister.gov/d/2022-22531
[2] https://iapp.org/news/a/edpb-welcomes-improvements-to-eu-us-...
[3] https://iapp.org/news/a/meps-urge-european-commission-to-rej...
[4] https://www.europarl.europa.eu/news/en/press-room/20230505IP...
[5] https://www.politico.eu/article/washington-to-brussels-we-wa...