April 12, 2022
On Friday, March 25, President Biden and European Commission President Ursula von der Leyen announced that the U.S. and European Union reached a preliminary agreement to allow the transfer of Europeans’ personal data from the EU to the U.S.
This new deal, titled the Trans-Atlantic Data Privacy Framework, reestablishes a legal mechanism for transfers of EU personal data to the U.S. Included in this deal are commitments from the U.S. to address EU privacy concerns and adequately protect transferred data:
Going forward, the U.S. government and the European Commission will draft the appropriate legal documents that will be adopted to enact the Trans-Atlantic Data Privacy Framework.
In response to the revelations about U.S. government data practices from former U.S. National Security Agency contractor Edward Snowden, Max Schrems, a privacy advocate and activist, filed a complaint in 2013. That complaint led to a review by the Court of Justice of the European Union (CJEU).
In 2015, the CJEU invalidated Safe Harbor, a previous data transfer agreement between the EU and the U.S. Later, in 2020, the CJEU also invalidated Privacy Shield, a follow-up attempt to remediate the data protection issues related to Safe Harbor. The CJEU found that the protection of personal data was limited by U.S. domestic law and by U.S. public authorities' access to and use of the data.
Since the CJEU threw out the two previous data-transfer pacts, organizations that rely upon data transfers have been facing legal and operational uncertainty. In recent months, European data protection agencies have issued orders against the flow of personal data passing through products such as Google Analytics, Stripe and others.
Facebook’s parent company, Meta, has faced legal scrutiny regarding its international data transfers. The matter went as far as the Irish Data Protection Commission (DPC), which sent a preliminary order in September 2020 requesting the suspension of EU-to-U.S. data transfers. Meta received a “revised” decision in February 2021 and has the opportunity to provide additional information prior to the DPC arriving at a final decision.
What Comes Next?
Eventually, this new agreement will face legal challenges to test how robust the agreement is in terms of adequately protecting EU citizens’ rights when their personal data is transferred to the U.S.
Max Schrems, who was instrumental in striking down the previous data transfer agreements (i.e., Safe Harbor and Privacy Shield), has already indicated that, when available, he and his privacy advocacy group will review the final text of the agreement with their legal experts to determine whether additional legal challenges are warranted.
How to Proceed?
Prior to the finalization of the Trans-Atlantic Data Privacy Framework, organizations that plan on transferring personal data from the EU to the U.S. should continue to evaluate their data transfers on a case-by-case basis.
During this process, either through a data transfer impact assessment or a privacy impact assessment, relevant stakeholders should identify potential transfers of personal data from the EU to the U.S., gather context related to each transfer, consult with in-house and outside counsel as necessary, and evaluate whether adequate protections are applied to the data during transfer.
As a part of this assessment, organizations should continue to consult the European Data Protection Board’s six-step roadmap to assist in the assessment of transfers and application of measures that can be taken to safeguard the transfer of personal data.
If you have questions about this new accord and how it might affect your organization, please drop us a line.
Optiv Security: Secure greatness.®
Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.