In this month’s Privacy & Cybersecurity Update, we analyze the U.S. and EU’s joint commitment to create a new data transfer framework to replace the invalidated Privacy Shield, as well as Utah’s new state privacy law and updates to the California Consumer Privacy Act. We also review the SEC’s proposed cyber disclosure rules, a pair of cyber-related insurance court rulings and the EU’s proposed Data Act.
US and European Commission Announce Commitment to Create New Trans-Atlantic Data Privacy Framework
On March 25, 2022, the U.S. and the European Commission announced that they had jointly committed to creating a Trans-Atlantic Data Privacy Framework, an important first step in crafting a data transfer structure to replace the EU-U.S. Privacy Shield, which was invalidated by the Court of Justice of the European Union (CJEU) in 2020. The actual agreement between the EU and the U.S. will need to be built over the coming months, and is likely to face new legal challenges when completed.
President Joe Biden and European Commission President Ursula von der Leyen announced that the U.S. and EU had reached an agreement in principle on the framework, which represents the…
