It is essential for companies to stay on top of the developments in Europe to identify and implement a suitable solution.

In their article “Transatlantic Data Flows Still on the Brink: New EU-US Agreement Creates Further Uncertainty” in Bloomberg BNA’s World Data Protection Report (16.2), Anahita Thoms and Christoph Werkmeister examine the current EU legal frameworks for permitting personal data flows from the EU to US businesses in the wake of the European Union Court of Justice’s (CJEU) decision in October 2015 that the European Union-Safe Harbor framework is invalid. They find these legal frameworks in a heightened state of flux: (1) the Privacy Shield, intended to replace the Safe Harbor framework, is still under consideration and stands a fair chance of not winning CJEU approval; (2) the fate of the Privacy Shield either way will impact in unpredictable ways other regulatory frameworks, like the BCR and the SCC, that might permit such data flows, albeit in limited ways; and (3) despite all this uncertainty, the EU legal penalties for failure to comply with EU data protection rules still stand. Given this flux, the authors conclude that companies that currently rely on and continue to use personal data flows for their businesses should do so only with close attention to developments to avoid such pitfalls as fines, criminal penalties, and reputational risk.