EU-U.S. Privacy Shield

EU-U.S. Privacy Shield

There’s a new sheriff in town–or a new shield, at least. The EU-U.S. Privacy Shield, on July 12, 2016, was officially adopted by the European Commission, establishing a data transfer mechanism between the two regions.

All this started in 2012, with then-lawstudent Max Schrems taking issue with Facebook’s data handling practices, claiming they violated EU law. Schrems ended up taking his complaints all the way to the highest court in the EU. In October of last year, the European Court of Justice deemed the former data transfer mechanism — Safe Harbor — inadequate in the protection of EU citizen data, particularly in light of the access that the U.S. government had/has to data held on servers in the U.S.

The two regions have now come up with a plan they can agree on, meaning multinationals doing business in the EU can get back to doing business — with some changes. Though it remains to be seen whether the CJEU will click the “like” button on Shield, companies that self-certify by Sept. 30 have up to nine months to bring existing relationships with third parties into conformity with the Onward Transfer Principle, making a pretty good case for early adoption.

Want to know what the Privacy Shield means for your organization? Read on.

Already a member? Log in now for access to this member-only content.