Ever since being finalized in July of 2016, the EU-US Privacy
Shield has faced considerable criticism. Crafted to replace the
long-standing EU-US Safe Harbor that was struck down the previous
year, the EU-US Privacy Shield was intended to smooth the transfer
of data from the EU to the United States while ensuring the privacy
of EU citizens was adequately protected.
But questions emerged almost immediately after its adoption as
to whether the new framework actually provided adequate
protections, or whether it too would be deemed insufficient. Those
concerns have continued and resulted in multiple challenges to the
legality of the Privacy Shield in EU courts. A parliamentary
committee even adopted a resolution last month expressing concerns
with the adequacy of protections found in the Privacy
Those challenges and the concerns underlying them are set to be
topics of conversation as top US and EU officials meet in September
to assess the first year of the Privacy Shield. Vera Jourova, the
EU Commissioner for Justice, Consumer and Gender Equality,
announced that she and US Department of Commerce Secretary Wilber
Ross will be meeting in Washington, D.C., in September to discuss
the new Privacy Shield, issues and concerns with its effectiveness,
and the sufficiency of the protections afforded under the Shield at
Of particular concern to EU critics was the failure to include
express limits on the collection of EU citizen personal data by law
enforcement. One of the chief complaints with the prior Safe Harbor
was that it allowed law enforcement to engage in large-scale,
indiscriminate collection of personal information from EU citizens
for law enforcement purposes. Such collections violated EU citizen
privacy rights and ultimately led to the Safe Harbor being struck
down in October of 2015.
While the Privacy Shield established means for raising
complaints over the collection of information by law enforcement,
there are no express limitations in the Privacy Shield itself on
how US law enforcement could collect data from EU citizens.
Instead, US officials met with EU officials and assured the EU that
the US would use more narrowly tailored information collection
techniques. President Obama even signed Presidential Policy
Directive 28 spelling out these assurances and others in
Based largely on these assurances, EU officials tamped down much
of the criticism of the Privacy Shield and squelched legal
challenges to its sufficiency. But that was before Donald Trump was
elected president, and swept into office with promises to
de-regulate many activities.
Thus, it is unclear whether the directives in Presidential
Policy Directive 28 are still the governing policy of the US's
new administration. And that uncertainty, in and of itself, has
already allowed legal challenges to spring up to the Privacy Shield
All of which makes the September review of the Privacy Shield
that much more important for the Shield's future. For instance,
will the new administration provide similar assurances to the
previous administration with respect to law enforcement collection
of EU personal data? If not, will the EU withdraw its support for
the Privacy Shield? If the Privacy Shield fails, will it also take
down the so-called Umbrella agreement between the EU and US
governing the sharing of personal information between law
enforcement officials in both areas? And what sort of impact would
that have on the security of Europe and the United States?
Thus, many more eyes than normal will be on what would
ordinarily be a nondescript policy review of a data transfer
agreement in September as the EU and US meet to assess the EU-US
Privacy Shield. Regardless of what happens, the meeting is likely
to have a significant impact on American companies doing business
in Europe and looking to transfer EU citizen data to the
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.
At last week's Health Care Compliance Association's annual "Compliance Institute," Iliana Peters, HHS Office for Civil Rights' Senior Advisor for HIPAA Compliance and Enforcement, provided a thorough update of HIPAA enforcement trends as well as a road map to OCR's current and future endeavors.
The challenges that come along with securing sensitive information are unprecedented. It has become extremely difficult to protect data which is stored electronically, and breaches have unfortunately become a frequent occurrence.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).