On Tuesday 12 June, the European Commission officially adopted the EU-U.S. Privacy Shield. With further improvements added since the earlier draft reviewed formally by the EU Data Protection Authorities via the Article 29 Working Party (see here)- the EU Parliament and EU Data Protection Supervisor, this revised version of the Privacy Shield undoubtedly provides stronger protection for data transfers from the EU than its predecessor – whether it is strong enough however continues to be strongly debated.
The view of the Data Protection Authorities on this adopted version is awaited. This will be an interesting test of their ability to form a consensus view, with some authorities very much against the earlier draft. The vulnerability to legal challenge means that many will wait and see if challenges emerge before investing in or risking relying on it as a sole means of protection, especially with the General Data Protection Regulation (GDPR) on the horizon. For the cloud and other service providers who are keen to become early adopters, building confidence in this mechanism and addressing the “what if it is challenged?” question will be vital as they may find some customers are not willing to rely upon it.