ARTICLE
29 April 2022

Waiting On A New EU-US Privacy Shield

SM
Sheppard Mullin Richter & Hampton

Contributor

Sheppard Mullin is a full service Global 100 firm with over 1,000 attorneys in 16 offices located in the United States, Europe and Asia. Since 1927, companies have turned to Sheppard Mullin to handle corporate and technology matters, high stakes litigation and complex financial transactions. In the US, the firm’s clients include more than half of the Fortune 100.
It has been almost two years since the Privacy Shield was struck down as a valid data transfer mechanism in Schrems II.
United States Privacy

It has been almost two years since the Privacy Shield was struck down as a valid data transfer mechanism in Schrems II. Many have been wondering "what's next"? Will there be a replacement framework? When will that be released? Will the replacement be invalidated? Well, the European Commission and US recently announced an "agreement in principle" to replace the EU-US Shield Privacy Shield. The EDPB also recently released a statement welcoming the announcement, but reminding companies that the announcement is not actually a legal framework. Thus, nothing has changed... yet.

The new framework is intended to address several of the key concerns raised in Schrems II. The US highlighted that the framework will help ensure that:

  • intelligence collection may be undertaken only where necessary to advance legitimate national security objectives, and must not disproportionately impact the protection of individual privacy and civil liberties;
  • EU individuals may seek redress from a new multi-layer redress mechanism that includes an independent Data Protection Review Court; and
  • U.S. intelligence agencies will adopt procedures to ensure effective oversight of new privacy and civil liberties standards.

Putting it into Practice. For the time being, companies must continue to take necessary measures to comply with data transfer requirements of GDPR in light of Schrems II. This includes putting in place standard contractual clauses (or other appropriate safeguards), conducting transfer impact assessments, and putting in place any supplementary measures that might be needed. While a draft is expected to be released this year, it will then need to go through the adequacy decision process.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More