New EU-US data transfer agreement: Reynders’ digital policy moment?


This week, the Trade and Technology Council (TTC), which has become the main forum for EU-US cooperation on digital policy, met for the second time in Saclay, on the outskirts of Paris. The TTC has played an important role in resetting the EU-US relationship. A tangible example of this improved collaboration was last month’s agreement in principle on a new EU-US data transfer mechanism, the so-called Transatlantic Data Privacy Framework. 

However, amidst all the excitement surrounding the agreement in principle, one man has been conspicuous by his near-absence. Didier Reynders, Commissioner for Justice, is leading the negotiations on the EU side on this new framework for transatlantic data flows and yet, he did not feature in the public communications surrounding the agreement in principle, a moment which should have been one of the highlights of his term as Commissioner. Some critics see it as a sign that Reynders is struggling to carve out his own media and political profile on data protection policy, and more broadly digital policy. This thesis will be put to the test as Reynders will need to steer the Transatlantic Data Privacy Framework through the EU’s regulatory approval process. 

It is worth remembering that this agreement in principle was only a first step. Intense negotiations, spearheaded by Reynders, are ongoing to work out the technical details and finalise the draft adequacy decision before the summer. This draft decision will then go through a ratification process before its final adoption by the European Commission. The next step will be in court. Privacy activists, such as Maximillian Schrems, have already stated that they will challenge the new agreement before the Court of Justice of the EU.

Despite these hurdles, the Belgium Commissioner believes that a final agreement could be reached by the end of the year. But what political constituencies will Reynders need to square off in order to ensure passage of the agreement?  

First, the Justice Commissioner will need to get the business community on its side. This means navigating the tension between the urgency felt by EU and US businesses for increased legal certainty, with major question marks over the legality of transatlantic data transfers at the moment and the need for legal robustness to ensure the future data transfer mechanism will withstand the EU court’s scrutiny. Reynders was the Belgian Foreign Minister when the EU-US Privacy Shield was negotiated quickly in 2015-16 and it will not have escaped his notice that it only lasted four years before being struck down in the courts. Reynders will be hoping for a more durable legacy, as will companies operating between the EU and US. 

After building this trust with business, Reynders will need to reassure national data protection authorities in the European Data Protection Board and pro-privacy MEPs in the European Parliament, and in particular, the LIBE committee, that the new mechanism is consistent with the level of data protection provided by the General Data Protection Regulation (GDPR). Opposition or heavy criticism from the EDPB could force national governments to think twice before approving the deal or, more likely, provide fresh impetus to a legal challenge at the European Court of Justice. 

Finally, the Belgium Commissioner will need to address concerns raised by Paris and Berlin, over the need to reduce dependency on US data storage and data analytics companies. This will test Reynders' diplomatic skills and necessitate proactively selling the agreement as an example of the EU setting global standards, rather than facilitating the market positions of US companies.  

The question that follows is how Reynders wants to be remembered. Will his legacy be that of a strong supporter of EU-US cooperation, such as former Belgium trade commissioner Karel De Gucht, who actively promoted the Transatlantic Trade and Investment Partnership (TTIP)? Or will history view him as a privacy advocate, such as former justice commissioner Viviane Reding, who designed and negotiated the GDPR? Reynders is hoping there is room to invent a third way. 

Download this Insight here.


The views expressed in this note can be attributed to the named author(s) only.