February 27, 2020

February 27, 2020

Subscribe to Latest Legal News and Analysis

February 26, 2020

Subscribe to Latest Legal News and Analysis

February 25, 2020

Subscribe to Latest Legal News and Analysis

EU Commission Recommends Suspension of Privacy Shield; Recent FTC Efforts May Be Too Little Too Late

On July 5, 2018, the EU Parliament passed a non-binding resolution encouraging the European Commission to suspend the EU-US Privacy Shield Program unless the US is fully compliant by September 1, 2018.  The EU Parliament believes that the current Privacy Shield program does not provide an adequate level of protection required by European law.  This comes roughly two years after the European Commission deemed the EU-US Privacy Shield Framework adequate to enable data transfers under EU law.  But a lot has changed in two years. 

In its resolution (in draft form), the Parliament points to several concerns with the EU-US Privacy Shield program.  Notably, the Parliament uses the Facebook-Cambridge Analytica saga (both companies are Privacy Shield certified) as proof of the program’s inadequacy and the US’ failure to monitor the program sufficiently.  Further, the Parliament questions two recent US legislative actions as potentially being at odds with EU privacy principles:  the recent passage of the Clarifying Lawful Overseas Use of Data Act (CLOUD Act) and the January 2018 reauthorization of warrantless searches under the Foreign Intelligence Surveillance Act (FISA).

Earlier this week, the Federal Trade Commission (FTC), one of the US agencies charged with enforcing Privacy Shield, announced a settlement with a California on-line training company that falsely claimed it was in the process of obtaining the EU-US Privacy Shield certification.  In its press release, the FTC boasts that this is the fourth case it has brought enforcing the Privacy Shield.  This obviously did not impress the Parliament.

The good news for the more than 3,100 organizations that voluntarily participate in Privacy Shield is that the Parliament does not have the authority to suspend the program.  Only the EU Commission or the Court of Justice of the European Union can do so and neither has taken action yet.  The EU Commission is slated to perform an annual review of the program in October.

© Copyright 2020 Murtha Cullina


About this Author

Dena Castricone, Murtha Cullina Law Firm, Privacy and Cybersecurity Attorney

Dena M. Castricone is a member of the Long Term Care and Health Care practice groups.  She is the Chair of the Privacy and Cybersecurity practice group and the Chair of the firm’s Pro Bono Committee.  Prior to joining Murtha Cullina, Dena served as a law clerk to the Chief Justice of the Rhode Island Supreme Court, Frank J. Williams.

Dena’s long term care and health care clients compete in a constantly evolving industry, facing both rising administrative and regulatory burdens and shrinking reimbursement rates. She helps skilled nursing centers, physician groups, home health and...