The Privacy Shield: Update on the state of play of the EU-US data transfer rules

Analiză aprofundată 26-07-2018

The CJEU’s Schrems judgment of October 2015, besides declaring the European Commission’s Decision on the EU-US ‘Safe Harbour’ data transfer regime invalid, has also settled a number of crucial requirements corresponding to the foundations of EU data protection. In less than one year from the CJEU ruling, the Commission had adopted a new adequacy decision in which the new framework for EU-US data transfer, the Privacy Shield (2016), is deemed to adequately protect EU citizens. The main improvements of the Privacy Shield (over its predecessor), as well as the critical reactions to the new arrangements, are discussed in this paper. The first joint annual review took place in September 2017 on which both the Commission and Article 29 Working Party issued their own reports. Although progress is recognised, a number of concerns remain and new challenges to the Privacy Shield have arisen, among others, from the Facebook/Cambridge Analytica scandal, as pointed out by the European Parliament in its recent resolution.