"Protecting data as it crosses international borders is critical to global retail operations."
WASHINGTON – The National Retail Federation and member companies will meet with senior U.S. and EU officials this week to discuss transatlantic data flows and additional EU e-commerce policy issues.
“Retail is global, and retailers want to be sure consumer and employee data is properly protected when transferred from Europe to the U.S.,” NRF Vice President and Senior Policy Counsel Paul Martino said. “Protecting data as it crosses international borders is critical to global retail operations, and U.S. retailers want to work closely with their European counterparts and government officials on both sides of the Atlantic to address the operational and legal challenges involved.”
NRF and its Brussels-based counterpart EuroCommerce will hold their fifth annual joint meeting with senior officials of the European Commission and the European Data Protection Board today and Thursday. The meetings were first held in-person in Brussels but were changed to a virtual format last year and this year in light of the pandemic. On Friday, NRF and U.S. retailers will meet virtually with officials and staff from the U.S. Mission to the European Union and the U.S. Commerce Department.
This week’s meetings will build on work begun last year after the EU-U.S. Privacy Shield was invalidated by the European Union’s highest court. The Privacy Shield was agreed to by the European Commission and the U.S. Commerce Department in 2016 to replace the 15-year-old Safe Harbor agreement for transatlantic data flows that had been invalidated in the 2015 Schrems decision by the European Court of Justice.
In its Schrems II decision in 2020, the same court struck down the Privacy Shield as well, but assured the validity of existing European Commission-approved standard contractual clauses that serve as an alternative transfer mechanism for businesses. However, the ruling set additional conditions on their use that called into question the continued reliance on SCCs by global businesses.
NRF and EuroCommerce earlier this year formed a Joint Working Group on International Data Transfers with the goal of fostering greater regulatory certainty for retailers as they negotiate EU data protection requirements on transfers of customer and employee data from EU countries to the United States. In August, the working group submitted a paper to the European Commission highlighting uncertainties within the retail industry about implementation of revised SCCs issued by the commission this summer. The paper requested clarification on a range of implementation issues NRF anticipates will be addressed in an FAQ document expected from the commission this fall.
In addition to implementation of the new SCCs, this week’s meetings are expected to address:
- The outlook for a successor agreement to the invalidated Privacy Shield
- Issues concerning application and enforcement of the General Data Protection Regulation, including its potential overlap with the proposed e-Privacy Regulation
- Proposed regulation of e-commerce platforms, including those considered as holding a “gatekeeper” position
- New EU artificial intelligence regulations, including those that would affect AI-powered voice assistants
About NRF
The National Retail Federation, the world’s largest retail trade association, passionately advocates for the people, brands, policies and ideas that help retail thrive. From its headquarters in Washington, D.C., NRF empowers the industry that powers the economy. Retail is the nation’s largest private-sector employer, contributing $3.9 trillion to annual GDP and supporting one in four U.S. jobs — 52 million working Americans. For over a century, NRF has been a voice for every retailer and every retail job, educating, inspiring and communicating the powerful impact retail has on local communities and global economies.