EU-US Privacy Shield is dead. Long live Privacy Shield
Department of Commerce and the European Commission have initiated discussions to evaluate the potential for an enhanced EU-U.S.
The EU-US Privacy Shield, as you may recall, refers to the four-year-old data transfer mechanism which Europes top court just sunk with the legal equivalent of a nuclear bomb.
Five years ago the same court carpet-bombed its predecessor, a fifteen-year-old arrangement known without apparent irony as Safe Harbor.
Thousands of companies had been signed up to the Privacy Shield, relying on the claimed legal protection to authorize transatlantic transfers of EU users data. The mirage collapsed on cue last month, raising legal questions over continued use of cloud services based in a third country like the US barring data localization.
Alternative data transfer mechanisms do exist but data controllers wanting to use an alternative tool, like Standard Contractual Clauses , to take EU citizens data over the pond are legally required to carry out an assessment of whether US law provides adequate protections.
The fall of Privacy Shield should really have shocked no one, given the warnings, right from the get-go, that it amounted to lipstick on a pig.
Nothing since the Snowden disclosures has substantially reworked US surveillance law to make it less incompatible with EU privacy law.
President Obama made a few encouraging noises but under Trump the administration has dug in on helping itself to peoples data without a warrant.
However neither side has demonstrated that it posses the political clout and influence to remake the US data industrial complex which is whats needed to meaningfully enhance Privacy Shield.
We use cookies and analyse traffic to this site. By continuing to use this site, closing this banner, or clicking "I Agree", you agree to the use of cookies. Read our privacy poplicy for more information.