What Challenges will the New EU-US Data Privacy Framework Create for US Companies?

Jami Vibbert, chair of the Privacy, Cybersecurity & Data Strategy group, and Government Contracts and National Security partner Ronald Lee were quoted in recent coverage of the new EU-U.S. Data Privacy Framework, which is designed to streamline data transfers, reduce the need for transfer impact assessments, and present a redress court for data misuse.

Vibbert told LegalTech News that the redress methods contemplated by the Data Privacy Framework have the potential to be more stringent than those in other privacy laws, but does not actually believe that will create significant costs associated with implementing the Framework (though may increase enforcement risk).

Lee, former General Counsel of the National Security Agency, Associate Deputy Attorney General of the DOJ, and Chief of Staff of the CIA, said that U.S. companies already need to follow data protection standards similar to the EU-U.S. framework in other countries and regions, so the additional burden might only be marginal.

Lee also was quoted about the new framework in Global Data Review. He emphasized the importance of understanding how the new framework's redress court will operate in real-world scenarios. Additionally, he highlighted that although some mechanisms are specific to the framework, they align with the established compliance mechanisms that provide assurances that the intelligence community abides by the law and the Constitution.

» Read the LegalTech News article: “EU-US Data Privacy Framework Brings European Data Privacy Principles to US Companies" (subscription required).
» Read the Global Data Review article: "US adequacy receives cautious welcome" (subscription required).