July 2, 2022

Volume XII, Number 183

Advertisement
Advertisement

July 01, 2022

Subscribe to Latest Legal News and Analysis

June 30, 2022

Subscribe to Latest Legal News and Analysis

June 29, 2022

Subscribe to Latest Legal News and Analysis
Advertisement

Waiting on a new EU-US Privacy Shield

It has been almost two years since the Privacy Shield was struck down as a valid data transfer mechanism in Schrems II. Many have been wondering “what’s next”? Will there be a replacement framework? When will that be released? Will the replacement be invalidated? Well, the European Commission and US recently announced an “agreement in principle” to replace the EU-US Shield Privacy Shield. The EDPB also recently released a statement welcoming the announcement, but reminding companies that the announcement is not actually a legal framework. Thus, nothing has changed… yet.

The new framework is intended to address several of the key concerns raised in Schrems II. The US highlighted that the framework will help ensure that:

  • intelligence collection may be undertaken only where necessary to advance legitimate national security objectives, and must not disproportionately impact the protection of individual privacy and civil liberties;

  • EU individuals may seek redress from a new multi-layer redress mechanism that includes an independent Data Protection Review Court; and

  • U.S. intelligence agencies will adopt procedures to ensure effective oversight of new privacy and civil liberties standards.

Putting it into Practice. For the time being, companies must continue to take necessary measures to comply with data transfer requirements of GDPR in light of Schrems II. This includes putting in place standard contractual clauses (or other appropriate safeguards), conducting transfer impact assessments, and putting in place any supplementary measures that might be needed. While a draft is expected to be released this year, it will then need to go through the adequacy decision process.

Copyright © 2022, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume XII, Number 118
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Julia Kadish is an attorney in the Intellectual Property Practice Group in the firm's Chicago office.

Areas of Practice

Julia's practice focuses on data breach response and preparedness, reviewing clients' products and services for privacy implications, drafting online terms and conditions and privacy policies, and advising clients on cross-border data transfers and compliance with US and international privacy regulations and standards. She also workes on drafting and negotiating software licenses, data security exhibits, big data licenses, professional...

312.499.6334
Advertisement
Advertisement
Advertisement