June 15, 2019

June 14, 2019

Subscribe to Latest Legal News and Analysis

June 13, 2019

Subscribe to Latest Legal News and Analysis

Privacy Shield Deal Passes Major EU Hurdle

On July 8, 2016, the draft EU-U.S. Privacy Shield adequacy decision was formally approved by the so-called “Article 31 Committee” of EU Member States (see press release, here).

That approval opens the door for the College of EU Commissioners to approve the Privacy Shield on Monday (July 11).  Once translated and published in the Official Journal of the EU, the adequacy decision will then enter into force.

However, there may need to be an implementation period during which the EU and U.S. put in place relevant structures; it is expected that Commissioner Věra Jourová will provide more details to the European Parliament on Monday, and in a joint press conference on Tuesday with U.S. Secretary of Commerce Penny Pritzker.

Once that implementation phase is complete, U.S.-based companies will be able to self-certify under the Privacy Shield.  Doing so provides a legal basis which entities in the European Economic Area can rely on to transfer personal data to those Privacy Shield-certified companies in the US.

Countries such as Israel and Switzerland may also follow suit, as they had previously done with the original EU-U.S. Safe Harbor framework (invalidated by the Court of Justice of the EU in October 2015).

An initial draft of the EU-U.S. Privacy Shield package, published in February (see our blog post here), had originally been met with mixed reviews from the European Parliament, the Article 29 Working Party and the European Data Protection Supervisor.

They all noted the Privacy Shield’s importance and welcomed the substantial progress compared to the Safe Harbor, but highlighted a number of concerns.  In particular, they expressed reservations in relation to the redress mechanisms, U.S. surveillance practices, automated decision-making, onward transfers, and data retention.

After calls from the Article 31 Committee for the European Commission to address those issues before they voted on the Privacy Shield, the EU and U.S. worked on an improved final text, securing the Article 31 Committee’s approval today.

© 2019 Covington & Burling LLP

TRENDING LEGAL ANALYSIS


About this Author

Philippe Bradley-Schmieg, Covington Burling, Data privacy and cybersecurity attorney
Associate

Philippe Bradley-Schmieg's practice covers a range of regulatory and commercial matters affecting the IT, internet media, e-health and telecoms sectors across the world.

Mr. Bradley-Schmieg advises on legislation, enforcement, advocacy and contracts relating to privacy, data protection, consumer protection, intermediary liability, copyright and databases, Big Data, medical confidentiality, cybersecurity, law enforcement data requests, and smart medical devices and apps.

44-20-7067-2282