December 11, 2019

December 10, 2019

Subscribe to Latest Legal News and Analysis

December 09, 2019

Subscribe to Latest Legal News and Analysis

The Privacy Shield Survives Another EU Commission Review, For Now…

The EU Commission concluded its third annual review of the EU-U.S. Privacy Shield and found that it continues to provide an adequate level of protection for EU personal data. The program was created as a mechanism to facilitate transfers of personal data from the EU to the US. It is reviewed annually by the EU Commission, as we have discussed in prior posts. That body did express concern with some parts of the program. This included a fear that US Department of Commerce’s monthly pro-active checks of companies may be too surface level, and did not necessarily include review of  the companies’ privacy provisions in vendor contracts.

Als of concern for the EU Commission was the focus -when trying to identify companies who falsely claimed to participate in the program- only on companies who had previously applied for certification. Instead, the Commission expressed, it would like to see all companies included in scope. The Commission also expressed its belief that there should have been more companies examined overall. Finally, the Commission recommended that the US Department of Commerce (that administers the program in the US), the FTC (which enforces compliance in the US), and the EU Data Protection Authorities work together more closely.

Putting it Into Practice: The Privacy Shield survived another review intact, however pending litigation in the EU may cause the program to be examined again prior to the next annual review. With this in mind, companies should keep in mind that it is only one of several potential avenues for the transfer of personal information between the EU and the US. For participants, we will be monitoring to see if the EU’s encouragement of increased enforcement plays out with actions from the Department of Commerce and the FTC.

Copyright © 2019, Sheppard Mullin Richter & Hampton LLP.

TRENDING LEGAL ANALYSIS


About this Author

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney
Partner

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...

312-499-6335
Rachel Hudson, Lawyer, Sheppard Mullin, Intellectual Property Practice Group
Associate

Rachel Tarko Hudson is an associate in the Intellectual Property Practice Group in the firm's San Francisco office.

Areas of Practice

Rachel advises clients in the retail, technology, media, and other industries in online and mobile e-commerce transactions and vendor agreements, intellectual property licensing, commercial and development agreements, and other transactional matters. She assists clients in complying with domestic and international privacy laws, clearing advertising campaigns, conducting contests and sweepstakes promotional initiatives, and conducting e-mail, mobile, cause, and other forms of marketing. She also helps clients with trademark prosecution matters.

415.774.2999
Associate

Rebecca Mackin is an attorney in the Intellectual Property Practice Group in the firm's Chicago office.

312-499-6328

Julia Kadish is an attorney in the Intellectual Property Practice Group in the firm's Chicago office.

Areas of Practice

Julia's practice focuses on data breach response and preparedness, reviewing clients' products and services for privacy implications, drafting online terms and conditions and privacy policies, and advising clients on cross-border data transfers and compliance with US and international privacy regulations and standards. She also workes on drafting and negotiating software licenses, data security exhibits, big data licenses, professional...

312.499.6334