Privacy Shield replacement on track, though hurdles remain

EU US privacy

Since the most recent mechanism to ensure “safe” data transfers between the European Union and United States was rescinded, companies on both sides of the Atlantic have hoped a viable replacement would come into force quickly to provide the same level of legal assurance.

Fortunately, momentum is gathering toward a new standard.

The July 2020 ruling by the Court of Justice of the European Union (CJEU) to invalidate the Privacy Shield placed companies at increased risk of violating the EU’s General Data Protection Regulation (GDPR) when transferring data between the two regions. This is because U.S. surveillance laws allow excessive access to EU citizens’ personal data for national security reasons.

In the aftermath of the ruling, standard contractual clauses (SCCs) and binding corporate rules (BCRs) gained popularity as alternatives for enabling transatlantic data flows. But neither mechanism provides the cover of the Privacy Shield, meaning businesses have viewed a new agreement between the European Union and United States as necessary.

lock iconTHIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.