The long-awaited US-EU Privacy Shield—the successor to the US-EU Safe Harbor which was declared invalid—is set to kick in on August 1, 2016. (See our July 8 post for detail.) One of the reasons it took so long to put the Privacy Shield in place was the opposition it encountered from consumer groups and the data protection authorities of the EU member states (i.e., the Article 29 Working Group). The Article 29 Working Group called the Privacy Shield inadequate and not in conformity with EU law. This, of course, took a lot of luster off the Privacy Shield for companies involved in transatlantic business.
Now that the Privacy Shield has been adopted, however, the Article 29 Working Group has said that it will wait and see how the Privacy Shield works for a year before they decide whether to challenge its legality. This makes it a little more attractive, but does not remove the uncertainty associated with this compliance option. Consumer groups—including the individual who successfully challenged the legality of the Safe Harbor—are expected to mount a similar challenge to the Privacy Shield. The earlier critical statements made by the Article 29 Working Group are likely to come up again in that litigation. For practical purposes, the investment in complying with the Privacy Shield might turn out to be wasted.
Companies might think long-term about putting things in place to comply with the new EU Data Privacy Regulation.