Allow me to address two issues today:
1. US and EU Agree in Principle on New Trans-Atlantic Data Privacy Framework
In a joint press conference, US President Joe Biden and European Commission President Ursula von der Leyen announced last week an agreement “in principle” on a framework, called the Trans-Atlantic Data Privacy Framework (“Privacy Shield 2.0”), to replace the US-EU Privacy Shield. The EU General Data Protection Regulation (“GDPR”) places restrictions on personal data transfers to countries outside of the European Economic Area. Privacy Shield 2.0 is designed to replace the original Privacy Shield which had made EU to US data transfers legal but was invalidated by the European Court of Justice in 2020 in the so-called Schrems II decision.
Privacy Shield 2.0 would potentially revive the Privacy Shield and allow EU to US data flows for compliant companies. Few details have emerged on the terms of the agreement or how different its terms would be from the original Privacy Shield.
The concern of EU Courts has been the extent of the US government’s surveillance of personal data. Many in Europe are wary of any mechanism that allows data transfers to the US because they believe that the transferred data simply will not be protected from the eyes of the US government. Some European commentators are skeptical of Privacy Shield 2.0 as few details have emerged about how US government surveillance would change in order to have the regime survive scrutiny in EU courts and a possible Schrems III scenario. What is clear is that the success or failure of the forthcoming Privacy Shield 2.0 will have serious consequences for businesses of all sizes transferring personal data across the Atlantic, and beyond.
For the Philippines as a data-driven economy with a business-process outsourcing industry that is employing 1.4 million people and generating revenues of $28.8 billion (2021 data), this Data Privacy Framework Development between the EU and the US is enormously important, as much of the data flow between the US and EU involves companies and people in the Philippines.
While we wait to see the detail, businesses transferring personal data across the Atlantic should rely on adequacy safeguards under the GDPR such as the so-called “standard contractual clauses.”
2. Return to on-site work
Today is April 5: on April 1, BPO companies were forced to resume full on-site operations or face penalties. work from home—no more. The Hybrid-System, which makes sense—was not considered. The Philippines rightfully wants to be a data-driven economy. What must the next government do to protect the important BPO industry? Feedback is needed!
I look forward to your feedback; contact me at hjschumacher59@gmail.com