The final version of Privacy Shield (which has not yet been officially published) passed the Article 31 Committee vote on July 8th and is being presented today to the LIBE committee of the European Parliament. LIBE’s vote is advisory, but it may provide some early indications as to how well Privacy Shield will survive anticipated legal attacks once it is formally adopted and implemented.
Formal adoption of Privacy Shield is widely expected to happen this week. Once that happens, the US Department of Commerce or FTC should publish the final text and start processing registrations. Companies considering certifying under Privacy Shield should note that it requires a greater degree of internal scrutiny and documentation than Safe Harbor did.
Companies that have put standard clauses in place following the demise of Safe Harbor will want to consider the pros and cons of participating in Privacy Shield rather than continuing to rely on the standard clauses. Neither approach is guaranteed to be risk-free: The standard clauses have been sent to the Court of Justice of the EU for review under the second round of the Schrems case in Ireland, and Privacy Shield is virtually certain to end up before the Court of Justice at some point within the next year or two.