Neil M. Richards (Washington University School of Law; Yale ISP; Stanford Center for Internet and Society) has posted “The Invalidation of the EU-US Privacy Shield and the Future of Transatlantic Data Flows: Testimony of Professor Neil Richards before the United States Senate” on SSRN. Here is the abstract:
This is the prepared testimony and statement for the records, including responses to questions for the record of Professor Neil Richards before the United States Senate Commerce Committee on December 9, 2020. The testimony explains that while Congress has failed to pass a comprehensive privacy bill despite many opportunities, the judgment of the European Court of Justice in Data Protection Commissioner v. Facebook, (commonly known as “Schrems 2”) represents a real opportunity for it to do just that in the near future. The testimony argues first that Congress should not just pass a comprehensive privacy bill, but one that gets it right, that provides clear but substantive rules for companies, and which provides adequate protections and effective remedies for consumers. A law that meets these features will not just protect consumers – it will be good for business as well, by helping enable transatlantic data flows and building the consumer trust that is essential for long-term sustainable economic prosperity for all. Second, it explains what the judgment in Schrems 2 requires, with particular emphasis on factors within the jurisdiction of the Senate Commerce Committee. Third, it offers some ways in which the Committee’s work can solve some of the challenges for data flows and privacy law that the Schrems 2 judgment raises or illustrates. Fourth, it argues that this Committee should pass a strong privacy law (including a duty of loyalty) that builds the consumer trust that is so essential to sustainable and profitable commerce.