Transfer of personal data from Europe and Switzerland to the United States: where do we stand?
Whether your business is multinational or not, it is likely that at some point information containing personal data will need to be transferred from Europe or Switzerland to the United States. Personal data is broadly defined to include any information relating to an identified or identifiable natural person. For example, a US-based online business that collects or processes names, addresses, and credit card information to fulfill orders for its products from European or Swiss individuals should be familiar with the rules governing cross-border transfers. The same goes for a US-based service company that collects or processes names and health information to track COVID-19 outbreaks around the world.
Over the past 20 years, two government-approved frameworks have been implemented to control the transfer of data, namely the US-EU Safe Harbor Framework (Safe Harbor) and Privacy Shield. Both were invalidated by the Court of Justice of the European Union (CJEU) based on lawsuits brought by Maximilian Schrems. On March 25, 2022, President Joseph R. Biden and European Commission (EC) President Ursula von der Leyen jointly announced an agreement in principle for a new Transatlantic Data Privacy Framework (Framework) that has the potential to establish the rules of the European Union. transfer of data to the United States.