Choose Site


Tech & Sourcing @ Morgan Lewis


With the invalidation of the US-EU Safe Harbor program and the passage of the Judicial Redress Act (JRA) in the House of Representatives, it is now the Senate’s turn to consider additional privacy protections for EU citizens.

On October 6, the European Court of Justice invalidated the US-EU Safe Harbor program, citing inadequate protections for EU citizens’ personal data and remedies for wrongfully transferred data or misuse of transferred personal data. The downfall of the US-EU Safe Harbor program followed warnings from EU officials that the United States did not adequately protect EU citizens’ personal data and ongoing efforts from US and EU negotiators to address these concerns. One attempt to reinstate trust in data transfers between the United States and EU is the EU-US Data Protection Umbrella Agreement. Under this agreement, EU citizens will have the ability to seek judicial redress in the United States if certain US agencies misuse personal data or refuse access to or rectification of personal data transferred from the EU for law enforcement purposes. To finalize the EU-US Data Protection Umbrella Agreement, Congress needs to pass the JRA to authorize the extension of these privacy protections to EU citizens.

The House of Representatives acted to empower the judicial redress rights of the EU-US Data Protection Umbrella Agreement by passing the JRA on October 20. The JRA was introduced in the Senate on June 17, and the bill as passed by the House was received in the Senate and referred to the Senate Judiciary Committee on October 21. As passed in the House and currently proposed in the Senate, the JRA authorizes the Department of Justice to designate countries and regional economic integration organizations whose citizens may bring civil actions against US agencies 1) that intentionally or willfully violate disclosure conditions or 2) deny individual requests to access or amend personal data, where personal data has been transferred for law enforcement purposes.

Since being introduced in the Senate, the JRA was proposed as an amendment to the Cybersecurity Information Sharing Act and later removed from consideration. As of publication, the JRA remains in the Senate Judiciary Committee, and there are no public plans to move the proposed bill forward by Chairman Chuck Grassley.

Policymakers and industry members have identified passage of the JRA as a piece of the puzzle that is restoring a data-sharing mechanism between the EU and United States. With ongoing negotiations and an approaching deadline for a “Safe Harbor 2.0,” the Senate faces pressure to weigh in on the Judicial Redress Act.