EU-US negotiations on data transfer should move closer to a final agreement
Bratislava, February 23, 2022. The dependence of companies and end users on the digital environment is constantly increasing, which also puts pressure on the regulation of rules in the field of data security (GDPR, cyber security) or their transmission. It is therefore essential that clear rules be set in the area of data transfer as well. Two years have passed since the abolition of the European-American Privacy Shield, which was a solution for secure data transfer within the EU and the US. Companies thus face legal problems, as the stability of data flows has been disturbed. It is the key to providing the economic and social benefits of digital technologies, and its destabilization has a negative impact on the development of innovation and services and products in the digital economy.
Companies are calling for a speedy vacuum solution
Legal entities on both sides thus have difficult conditions in any data manipulation. The main problem is the incompatibility of EU and US legal systems. The Privacy Shield guaranteed legal certainty to all entities on both sides. By removing it, companies have taken a number of steps to ensure different levels of privacy in each third country to which the data is to be transferred.
This is extremely expensive in time and money. Firms have to encrypt data transmissions and supplement their standard contract clauses (SCCs), or use GDPR mechanisms.
Restrictions on cross-border data flows affect companies of all sizes and sectors, but primarily small and medium-sized enterprises (SMEs). As SMEs account for almost a quarter of all EU exports, this will have a major impact on them. In practice, this would mean that, for example, a start-up from Germany would no longer have access to the American cloud and the like.
According to a study by Digital Europe, Europe could lose € 1.3 trillion in additional revenue by 2030 (equivalent to the size of the Spanish economy). Estimated exports amount to € 116 billion per year (equivalent to Swedish exports) and, last but not least, 3 million jobs are indirectly at risk. Platforms operating in the digital sector, including media, culture, financial services, IT and consulting services, but also manufacturing, are most affected, as data transmission is a prerequisite for the global economy. The high impact of these transfers limits not only trade ties but also European citizens.
Why Member States should intervene
Europe is at a crossroads. The EU is responsible for most of the negative impacts in a negative development scenario. Indeed, the risks associated with data transfers within the GDPR outweigh the effects of the restrictive measures taken by the EU's main trading partners. While data transfer initiatives by politicians seeking to ensure legal data protection are commendable, the GDPR Directive should facilitate this process and not hinder international flows. It is assumed that as early as 2024, 85 percent of world GDP growth will come from outside the EU. The EU's motivation to support the development of digitalisation is also evidenced by the plans for the digital decade until 2030. The data transfer is one of the important milestones and results of these efforts, with a significant impact on exports, employment and economic growth.
Current state of negotiations in full swing
The European Commission has provided solutions to overcome the temporary situation, its priority being in particular the stabilization and protection of personal data for EU citizens linked to providing legal certainty for businesses operating in the EU beyond the US.
As stated by Michal Kardoš, Executive Director of SAPIE: “European leaders and stakeholders, including Slovakia, must take responsibility and push for fair and stable rules to be set at European level, as catching up with this problem is a win-win situation for all involved. EU-US talks on a new transatlantic political agreement are well advanced, offering European businesses and organizations hope for stability.”
