Privacy & Information Security Law Blog

On December 9, 2020, the Senate Committee on Commerce, Science and Transportation held a hearing on the Invalidation of the EU-U.S. Privacy Shield and the Future of Transatlantic Data Flows. The hearing explored the policy issues that led to the Court of Justice of the European Union’s (“CJEU”) invalidation of the Privacy Shield framework in the Schrems II ruling. The hearing also discussed effects of the CJEU’s decision on U.S. businesses and what steps the U.S. government may take to develop a successor data transfer framework, including comprehensive federal privacy legislation.

The hearing’s witness list included: Noah Phillips, FTC Commissioner; Victoria Espinel, President and CEO, BSA – The Software Alliance; Neil Richards, Washington University School of Law; James Sullivan, Deputy Assistant Secretary for Services, International Trade Administration, U.S. Department of Commerce; and Peter Swire, Georgia Tech Scheller College of Business, and Research Director, Cross-Border Data Forum.

Key views expressed by the witnesses include:

• support for a comprehensive federal consumer privacy law that considers the duty of loyalty and provides a private right of action;
• agreement that a privacy law alone is not enough; rather the U.S. must also examine its approach to intelligence gathering and look towards surveillance reform, possibly to include consensus building on intelligence gathering/surveillance and data protection with other large-scale democracies; and
• emphasis on the effect of the invalidation of Privacy Shield on the economy, including concerns about data localization and its cost for small and medium business that may have far fewer resources than large businesses.

Read the written witness testimony.