EU and U.S. Agree to New Data-Sharing Pact, Offering Some Respite for Big Tech

“For over a year, officials on either side of the Atlantic have been hashing out a deal to replace the so-called Privacy Shield.”

Why this is important: The U.S. and the EU have different approaches to data privacy. The EU, with the General Data Protection Regulation (“GDPR”), has a comprehensive approach to data security that is derived from a central authority. The GDPR provides EU citizens with certain rights, including the right to (1) be informed on how their data will be used, (2) access the data that is collected, (3) rectify incorrect data, (4) have their data erased, (5) restrict how their data is processed, (6) data portability, (7) object to the sale of their data, and (8) not have their data used for automatic decision making. Each EU member state also designates a Data Protection Authority to oversee compliance with the GDPR. EU member nations are allowed to freely share personal data with businesses in countries that have a similar comprehensive system in place to provide data privacy. The GDPR applies to any business located in the EU even if the data it collects is from outside the EU, and to any business outside the EU that collects data from citizens of EU member nations.