Peter Swire, Alston & Bird Senior Counsel and Georgia Institute of Technology Scheller College of Business professor, has published an article on the path forward for E.U. / U.S. data transfers.
Swire’s article offers a historical perspective on the European Court of Justice’s (ECJ) recent decision in Schrems. Schrems invalidated the Safe Harbor framework relied upon by thousands of U.S. businesses to support transfers of personal data from the European Union. As companies struggle to understand the significance of Schrems for their business, Swire argues that the current legal situation parallels the uncertainty surrounding U.S.-E.U. data transfers before the institution of Safe Harbor in 2000. Drawing on the historical comparison, Swire argues that the path forward depends upon taking “European law and practice seriously,” while, at the same time, “the EU should not be able to insist on U.S. practices that are stricter than what the EU expects of its own organizations.”
Examining Schrems closely, Swire points out that model clause contracts and Binding Corporate Rules do not share the same supposed deficiencies that the ECJ identified with Safe Harbor. Used appropriately, alternatives to Safe Harbor such as model clause contracts and Binding Corporate Rules provide local E.U. DPAs an opportunity for enforcement oversight of the “adequacy” of the data transfers. Swire concludes that, as a result, such alternative data transfer mechanisms should satisfy the ECJ’s demands in Schrems.
Swire’s full article is available here.