Privacy Shield Approved But Not Yet Adopted
On Friday, July 8th, commercial data transfers from between the U.S. and the E.U. received a much needed boost (see article). The 28 Member States of the European Union voted to approve the revised Privacy Shield agreement by a vote of 24-0, with 4 abstentions allegedly from Austria, Bulgaria, Croatia and Slovenia (see article). The Privacy Shield agreement replaces the invalidated Safe Harbor agreement. Privacy Shield provides a much needed basis for businesses to transfer personal data between the U.S. and the E.U., beyond the still valid Standard Contractual Clauses or Binding Corporate Rules. This is important because Standard Contractual Clauses, which have been a popular backup method to continue data transfers, are being challenged in a case referred to the European Court of Justice by Irish Data Protection Authority (see article). Although the revised agreement has not been released, an alleged copy is available. Among the notable changes include tightened rules for holding information on European citizens, such as, deleting personal data and requiring third-party data processors to guarantee the same level of protection as Privacy Shield enrolled businesses. The next steps in this saga will be the formal adoption of the Privacy Shield agreement by the European Commission (see article) followed by a presumed legal challenge to the agreement by privacy advocates (see article).