When the new EU-US Privacy Shield was adopted all the way back on the 12th of July, we were quoted in the media (here) discussing the fact that formal legal challenges to it were inevitable. By the time the dust settled enough to issue our more comprehensive view here, it looked like such a challenge would be sufficiently far into the future that adoption of the new regime was probably the most cost-effective course for most companies. That view received some affirmation yesterday when the EU Data Protection Authorities’ Article 29 Working Party released a statement saying they would not seek to challenge the adequacy of Privacy Shield for at least a year.
Although its name does not exactly roll off the tongues of most Americans, the Article 29 Working Party a highly influential body in the world of EU data privacy legislation. Its members are representatives of the individual Data Protection Authorities or DPAs from each of the EU member nations. Previously, the Article 29 Working Party had been critical of the Privacy Shield so this news about refraining from a formal challenge to its adequacy is significant. In fact, many EU observers believe it may signal a new phase of flexibility in which the Article 29 Working Party will be more willing to tolerate refinement of the specific areas it feels are inadequate, rather than the scorched-earth, complete invalidation approach it supported in the case of the old Safe Harbor regime.
Here’s a recap of what you need to know about the EU-US Privacy Shield:
What is the Privacy Shield?
Does my company need it?