Home Knowledge Privacy Shield Update

Privacy Shield Update

February 24, 2016
Partner
Leo Moore

 

A group of EU data protection regulators has announced a review of the recently agreed EU-US Privacy Shield, the international data transfer framework which is set to replace Safe Harbor.

As we recently reported (see here), the European Commission and the United States have reached an agreement on the successor to Safe Harbor, to be known as the EU-US Privacy Shield. The new framework is designed to reflect the requirements set out in the CJEU’s ruling in the Schrems case and will provide various redress mechanisms in order to uphold the fundamental rights of EU citizens.

The Article 29 Working Party (WP29) has determined that the following four guarantees should be respected when personal data is transferred outside the EU:

  1. Data processing should be based on clear, precise and accessible rules
  2. Data collection should be proportionate
  3. An independent oversight mechanism should be in place
  4. Effective remedies should be available to data subjects

The WP29 has stated that it will examine the Privacy Shield on the basis of these four guarantees. It hopes to receive the relevant documents relating to the Privacy Shield by the end of this month so that it can determine whether the Privacy Shield addresses the concerns raised by the CJEU in Schrems.

What happens now?

As it stands, transatlantic data transfers cannot take place under Safe Harbor as this mechanism has been declared invalid by the CJEU in Schrems. The WP29 has stated that Standard Contractual Clauses and Binding Corporate Rules can still be used for data transfers to the US in the meantime.

It is expected that the European Commission and the US will formalise their agreement on the Privacy Shield over the coming weeks. The WP29 will then conduct a review to determine whether the Privacy Shield addresses data protection concerns. It remains to be seen whether the Privacy Shield is an acceptable solution to the issues highlighted by the Schrems judgment.

With the proposed EU-US Privacy Shield still some way off, businesses that previously relied on Safe Harbor in respect of data transfers to the US should implement an alternative data transfer solution in the meantime.

Follow us on Twitter @WFIDEA

Contributed by: John Magee

Recommended Insights

See all
Article and Insights
1
Feb 2024
Responsible Business Annual Report 2023
William Fry is pleased to launch its Responsible Business Annual Report 2023.
Article and Insights
2
Feb 2024
Digital Operational Resilience Act – second batch of technical standards launched for consultation
We focus on the second batch of draft implementation measures announced by the Eur...
WF_author_blank
Partner
John O’Connor
Article and Insights
2
Feb 2024
John Delaney Documents – Supreme Court Refuses Leave to Appeal
The Supreme Court has refused leave to appeal from a decision rejecting John Delan...
WF_author_blank
Consultant
Deirdre O’Donovan
Article and Insights
24
Jan 2024
Cross-Examining Affidavit Evidence in Insolvency Cases
The High Court recently dismissed a petition seeking the winding up of a biofuel c...
WF_author_blank
Partner
Fergus Doorly
prev
next
See all