The U.S.-EU negotiations for a new privacy agreement to replace the Safe Harbor provision invalidated by the Schrems decision may have hit a snag. The New York Times has reported that several national privacy regulators in EU countries have voiced displeasure that the deal with the proposed Privacy Shield does not go far enough to protect personal information of internet users in Europe. While the focus of the regulators’ ire is more generally around such Internet behemoths as Facebook and Google, this may well have serious implications for any U.S. company doing business in Europe.
National privacy regulators from Germany, France, and other countries have reported concerns about the ability of American law enforcement officials to have access to personal financial information, e-mails, and other data that generally receives greater protection in Europe than in the United States. But more than simply delaying the implementation of the Privacy Shield agreement, these objections could open the United States to investigations and prosecutions from individual EU countries for data privacy violations.
