The Court of Justice of the European Union (CJEU) unexpectedly invalidated the EU-US Privacy Shield Framework late last week. The CJEU concluded that the Privacy Shield Framework did not go far enough to protect European data subjects from US government surveillance practices.
Any organizations that currently rely on the Privacy Shield Framework for transferring personal data from the EU to the US must urgently find an alternative data transfer mechanism to continue transferring data.
For many businesses, this may involve revising their contracting processes to include a set of guarantees known as “Standard Contractual Clauses,” which the CJEU considered and upheld in its decision, albeit with caveats.
The decision is expected to significantly disrupt transatlantic trade and organizations should watch for further guidance from the EU supervisory authorities, the European Data Protection Board, and the European Commission.
You can read the decision here.
If your organization is affected by these changes, feel free to reach out. We’re here to help.
Disclaimer
The materials available at this website are for informational purposes only and not for the purpose of providing legal advice. You should contact your attorney to obtain advice with respect to any particular issue or problem. Use of and access to this website or any of the e-mail links contained within the site do not create an attorney-client relationship between CGL and the user or browser. The opinions expressed at or through this site are the opinions of the individual author and may not reflect the opinions of the firm or any individual attorney.