July 15, 2020

Volume X, Number 197

July 15, 2020

Subscribe to Latest Legal News and Analysis

July 14, 2020

Subscribe to Latest Legal News and Analysis

July 13, 2020

Subscribe to Latest Legal News and Analysis

Urgent Message: Privacy Shield Notices Need Updating Before No-Deal Brexit Withdrawal Date

Privacy Shield participants must update their privacy notices by March 29, 2019 (if the UK crashes out of the EU then with no deal) to continue to rely on the Privacy Shield for UK to US transfers post-Brexit. Privacy Shield certification is available to US companies as a lawful mechanism to transfer personal data from the EU (and soon to be the EU and the UK) to the US as well as from Switzerland to the US (if companies register with both Privacy Shield Frameworks).

There is urgency to this task. With about ten days to go, affected US companies should to include required language in their privacy policies to beat the deadline. Companies relying on the Privacy Shield for non-human resources (HR) data only need to update their online privacy policies. Companies that also rely on Privacy Shield for HR data must also update those employee notices (if customer and employee notices are separate).

The US Department of Commerce provided model language to be added to applicable privacy notices on the Privacy Shield website available on its FAQ page.

After the Brexit date, companies that selected the EU Data Protection Authority as the independent recourse mechanism will be understood to have committed to cooperate and comply with UK’s Information Commissioner’s Office with regard to personal data received from the UK in reliance on Privacy Shield.

Copyright © 2020 Womble Bond Dickinson (US) LLP All Rights Reserved.National Law Review, Volume IX, Number 77


About this Author

Theodore Claypoole, Intellectual Property Attorney, Womble Carlyle, private sector lawyer, data breach legal counsel, software development law
Senior Partner

As a Partner of the Firm’s Intellectual Property Practice Group, Ted leads the firm’s IP Transaction Team, as well as data breach incident response teams in the public and private sectors. Ted addressed information security risk management, and cross-border data transfer issue, including those involving the European Union and the Data Protection Safe Harbor. He also negotiates and prepares business process outsourcing, distribution, branding, software development, hosted application and electronic commerce agreements for all types of companies.


Taylor Ey, Intellectual property attorney, Womble Carlyle, Law Firm

Taylor is an associate in the Intellectual Property Practice Group in Womble Carlyle’s Research Triangle Park Office.


J.D. | 2016 | Wake Forest University School of Law | cum laude | Notes and Comments Editor, Wake Forest Law Review, 2015-2016 | Teaching Assistant, Legal Analysis, Writing and Research I & II, Writing for Judicial Chambers

M.S. |2012 | The Ohio State University | Biomedical Engineering

B.S. | 2011 | The Ohio State University | Biomedical Engineering | Minor, Life Sciences | cum laude