The EU-US Privacy Shield's Growing Pains

Transatlantic exchanges of personal data for commercial purposes were, in the past, overseen by the International Safe Harbor Privacy Principles. In October 2015, the European Court of Justice declared the previous Safe Harbor framework invalid. In February 2016, the European Commission and US Government reached a new agreement, the EU-U.S. Privacy Shield. Despite criticism that the Privacy Shield is “not robust enough,” the EU Commission approved a final version on July 12, 2016, and its implementation began with the US Department of Commerce on August 1, 2016.

The creation and ultimate effectiveness of the Privacy Shield are critical to the future of commercial relationships between the United States and the EU. Essentially, it sets the guidelines for the handling, transmission and possession of EU citizens’ personal data by U.S. companies. The brief issued by the European Commission notes that the new Privacy Shield “imposes stronger obligations on U.S. companies to protect Europeans’ personal data,” including annual certification, greater transparency, oversight mechanisms to ensure companies abide by the rules, and sanctions or exclusion for companies that do not comply.

In a new article for the New York Law Journal, I talk about the Privacy Shield’s Growing Pains and how an understanding of the progression to the Privacy Shield can help organizations anticipate how the new Privacy Shield will be enforced. In the article, I talk about:

  • The future impact of the GDPR
  • The history of Safe Harbor
  • The Schrems Case
  • The remaining obstacles following the adoption of the Privacy Shield

Although the final version of the Privacy Shield has gone into effect, it is still a work in progress. For example, the Shield requires the establishment within the US Department of State of an independent Ombudsman mechanism to handle complaints from EU citizens. It is also likely that the annual review of the Privacy Shield will include changes, so it’s key that organizations remain vigilant to future compliance requirements. Read the full article here.


Stephen Treglia

Stephen Treglia was Legal Counsel to Absolute and oversaw more than 40 investigators and data analysts. Prior to this, Stephen concluded a 30-year career as a prosecutor in New York, having created and supervised one of the world’s first computer crime units from 1997 to 2010. Stephen is a renowned nationwide lecturer, teacher and writer on a variety of legal topics.