The announcement between the Presidents of the US and the EU Commission from March this year (2022) regarding an updated Privacy Shield, intended to make transatlantic dataflow safe and secured between the EU and the US, is now a step closer to becoming reality.

The US President Biden released the Executive Order on Friday, 7 October, which was the first formal step towards an update of Privacy Shield Framework 2.0. Next, the EU Commission will need to assess the level of data protection offered by the new US framework and propose an adequacy decision in relation to the US.

The EU Commission has not committed to specific timelines or deadlines for the completion of the arrangement publicly, but some journalistic sources estimate the process to take close to six months, if everything goes smoothly. The process of adopting an adequacy decision will include obtaining an opinion from the European Data Protection Board (EDPB) and a green light from a committee consisting of EU Member States representatives. Finally, the European Parliament will have the right of scrutiny over the draft adequacy decision.

After the finalization of the arrangement, data will be able to flow safely between the EU and US companies certified by Department of Commerce under the new framework.

Nevertheless, whether the new agreement will satisfy the European privacy requirements remains a critical question, which could be brought to and tested at the EU courts.

Increasing amount of data creates growth in the data economy

Due to the increasing amounts of global data, the transatlantic data flows are critical to enabling 7.1 trillion dollars in the EU-U.S. economic relationship according to the announcement from US, and global data flows now contribute more to global growth than global trade in goods.

The EU Commission estimates that the volume of data produced in the world is growing rapidly, from 33 zettabytes in 2018 to an expected 175 zettabytes in 2025. Every 18 months, the amount of data is doubling.

According to the EU's estimates, the value of the data economy will increase to over €550 billion by 2025, representing 4 % of the overall EU GDP.

Regulations to secure our data and initiatives in Europe to boost digital sovereignty

We must be able to trust that regulations are so good that sensitive and critical data is protected for any misuse. They should bring legal certainty to data transfer and being secured in a trusted environment to enhance digital sovereignty for businesses and countries in Europe and globally.

How the EU will adopt and implement the agreement will be of high interests for the European citizens, society and businesses.

Many stakeholders, including the US tech giants, are highlighting the positive aspects of the Executive Order, such as increased data privacy for European citizens and legal certainty for businesses. Some other stakeholders, including European consumer organisations, are still sceptical about whether the new agreement is sufficient to protect Europeans’ privacy and personal data.

We commend the EU Commission for multiple recent initiatives to boost the European digital sovereignty and competitiveness in the global data economy.

We are a member of the GAIA-X, participating in security standardisation working groups for cloud services at the Nordic and European level, and also contributing to the public discussions related to European digital sovereignty going forward.

The awareness surrounding the choices of cloud solutions in a multi-cloud landscape is crucial in this respect. It is ultimately about taking ownership of the value of data sovereignty and our businesses in a global digital economy. Read more about digital sovereignty here.