The Privacy Shield, the mechanism which permits personal data transfers between the EU and the US, has passed its second annual review by the EU Commission on the 19th December 2018. In so doing, the Commission decided that the U.S. continues to provide an adequate level of protection of personal data, enabling the transfer of personal data from the EU to the U.S. The Commission's report highlights that it is still closely monitoring the adequacy of U.S data protection and indicates particular areas it continues to closely evaluate to determine adequacy. In particular, the report sets a deadline for the appointment of the as yet unfilled position of Privacy Shield Ombudsperson. If the vacancy has still not filled by the 28th February 2019, the Commission will "consider taking appropriate measures" in accordance with the GDPR. The previous mechanism for transatlantic data transfer, Safe Harbor, was declared invalid by court decision in 2015.
- How-to guide How-to guide: How to negotiate and draft governing law and court jurisdiction clauses in a commercial agreement (UK)
- Checklist Checklist: Data subject access rights under the GDPR (UK)
- How-to guide How-to guide: Maximizing the use of boilerplate clauses to limit the risk of unforeseen events (USA)