EU-U.S. Privacy Shield

EU-U.S. Privacy Shield

The EU-U.S. Privacy Shield, on July 12, 2016, was officially adopted by the European Commission, establishing a data transfer mechanism between the two regions that replaced the previous Safe Harbor framework.

In October of 2015, the European Court of Justice deemed Safe Harbor inadequate in the protection of EU citizen data, particularly in light of the access that the U.S. government had/has to data held on servers in the U.S. The Safe Harbor challenge began in 2012, with then-law student Max Schrems taking issue with Facebook’s data handling practices, claiming they violated EU law. Schrems ended up taking his complaints all the way to CJEU and they agreed.

With this new plan, multinationals doing business in the EU are back in business. Though it remains to be seen whether the CJEU will click the “like” button on Shield, U.S. organization have been certifying to it and both regions have been relying on it for the transfer of EU citizens’ personal data outside the EU.

Want to know what the Privacy Shield means for your organization? Read on.

Log in now to access this IAPP member-only content.
Not a member? Join now.