Privacy Shield BackgroundIn August 2016, the EU-U.S. Privacy Shield replaced the Safe Harbor Program, which was invalidated on October 6, 2015 by the Court of Justice of the European Union (CJEU) in the Schrems decision, C-362/14. The EU-U.S. Privacy Shield provides companies with a mechanism to comply with international data transfer requirements under European data protection law when personal data is transferred from the EU to the U.S. The EU-U.S. Privacy Shield is based on…
With over 2,000 companies so far taking advantage of the EU-US Privacy Shield Arrangement to transfer information from the European Union to the US, a need certainly exists in the marketplace for compliance solutions to cross-border data flows. For companies transitioning over to Privacy Shield, or even those self-certifying to Privacy Shield for the first time, our team of privacy experts is here to assist in navigating this complex new framework. Below is a high-level checklist…
After much negotiation between the U.S. and European authorities, the Department of Commerce (DOC) began accepting applications to the EU-U.S. Privacy Shield Framework on August 1, 2016. Although there was considerable speculation about whether U.S. companies would participate in the program due to the possibility of legal challenges in Europe and the more stringent requirements of Privacy Shield over Safe Harbor, more than 75 companies have already completed the self-certification process, and many more have…
As of August 1, 2016, U.S. companies can now self-certify compliance to the EU-U.S. Privacy Shield (“Privacy Shield”) to the U.S. Department of Commerce (see https://www.privacyshield.gov/welcome). Privacy Shield is a new legal mechanism that provides “adequate protection” within the meaning of EU data protection laws for transatlantic data flows to the United States. Privacy Shield replaces the U.S.-EU Safe Harbor Arrangement (“Safe Harbor”) as a key mechanism for EU to U.S. data transfers, as the…
On July 8, 2016, EU Member State representatives on the Article 31 Committee approved the EU-U.S. Privacy Shield (“Privacy Shield”), paving the way for the European Commission to formally adopt an adequacy decision for this critical trans-border data flow arrangement. Once adopted, the Privacy Shield will serve as a new legal mechanism for transatlantic personal data flows.Privacy Shield OverviewThe EU Commission issued a draft adequacy decision and related documents in February that contained the legal…
The Data Protection Authority (“DPA”) of Hamburg, one of 16 German State DPAs, has issued fines against three companies for failing to implement alternative data transfer mechanisms following the invalidation of the European Commission Safe Harbor adequacy decision in October 2015. The fines range from EUR 8,000 to EUR 11,000 for each company.This is the most high-profile example of a DPA taking action against companies for continuing to transfer personal data from Europe to the…
The Working Party of European Union Data Protection Authorities (“WP29”) recently issued its opinion on the draft EU-U.S. Privacy Shield Adequacy Decision (“Privacy Shield”). As part of the internal EU “comitology” review process for Privacy Shield, WP29 provides a non-binding, yet influential, opinion to the European Commission and Art. 31 Committee ̶ the bodies that will each need to approve Privacy Shield.What Does The WP29 Opinion Mean For Organizations?Given its role as the champion of privacy…
On 25 May 2016, the Irish Data Protection Commissioner (“IDPC”) announced that it would be seeking a judgment from the Court of Justice of the European Union (“CJEU”) on the legal status of the EU Standard Contractual Model Clauses (“EU Model Clauses”) for cross-border data transfers. This development further increases the uncertainty around permissible means of transferring personal data from the EU to the US. Last year, the CJEU declared the EU-US Safe Harbour Framework “inadequate”…
UPDATE: The Survey Report is now available here.On the heels of the EU Parliament’s formal adoption of the EU General Data Protection Regulation (GDPR) on April 14, 2016, Baker &McKenzie will be publishing the results of its 2016 EU GDPR and EU-US Privacy Shield Survey next week! Until then, subscribe for the b:INFORM newsletter to get updates and articles sent straight to your inbox.Our survey report captures the views and expectations of over 100 privacy…
On February 29, 2016, the European Commission published a draft adequacy decision and related documents intended to implement the EU-U.S. Privacy Shield. Upon adoption (anticipated for June 2016), the Privacy Shield will serve as a new legal mechanism for transatlantic data flows replacing the U.S.-EU Safe Harbor Framework. We have provided a brief review below, and a more detailed analysis is available here.Self-Certification ProcessLike Safe Harbor, the Privacy Shield will function through a self-certification process…