Today the EU-U.S. Privacy Shield was approved by the EU Member States, which sets the stage for the European Commission to grant final approval to the Privacy Shield as a basis for EU-U.S. transfers of personal data.
This development follows criticisms of the Privacy Shield this past April from the Article 29 Working Party, an advisory group comprised of the EU privacy regulators. We summarized the primary criticisms in a prior blog post. The Working Party was responding to the draft adequacy decision that was released by the European Commission on February 29, 2016, which we summarized here. The revisions to the Privacy Shield are intended to address the criticisms of the Working Party but it is not yet clear if the criticisms have been fully reflected.
The European Commission will provide additional detail about how the Privacy Shield is intended to work in practice when the decision on the Privacy Shield is addressed. Organizations considering Privacy Shield as a basis for EU-U.S. data transfers will want to understand the details of the final decision to make an informed decision of whether the Privacy Shield is an appropriate approach for data transfers that they engage in.
For more information on the origins and implications of the Privacy Shield, see our prior blog posts:
- Data transfers in limbo – U.S. companies face fines by German data protection authorities (May 2016)
- EU-US Privacy Shield may not be up after all (April 2016)
- EU-U.S. Privacy Shield is Go…nearly (March 2016)
- Safe Harbor 2.0: Political Agreement Reached – The EU-US Privacy Shield (February 2016)
- EU Working Party Issues Statement on CJEU’s Invalidation of Safe Harbor Framework (October 2015)
- US-EU Safe Harbor – Struck Down! (October 2015)
- EU-US Safe Harbor About to be Struck Down? (September 2015)