Data Protection Report - Norton Rose Fulbright

On July 8, 2016, European Member States approved the proposed EU-US Privacy Shield framework, with four Member States – Austria, Bulgaria, Croatia, and Slovenia – reportedly abstaining. Before the framework can be implemented, formal approval by the European Commission is required. Although the European Commission has yet to formally release a copy of the revised text, an alleged leaked copy is circulating online.

As we have covered, Privacy Shield is the successor agreement to the US-EU Safe Harbor Framework, which the European Court of Justice invalidated in October 2015. The Privacy Shield is intended to provide companies with a legal basis permitting the transfer of personal data from the EU to the US as an alternative to other mechanisms, such as Standard Contractual Clauses and Binding Corporate Rules.

Our Take

Approval by the EU Member States is a significant step toward formal adoption of the Privacy Shield and brings another functional cross-border data transfer mechanism closer to reality. Having a viable mechanism in place is of great importance, as other transfer mechanisms have been challenged.

We will update the Data Protection Report with further Privacy Shield developments.

Anna Rudawski, an Associate in the New York office, contributed to this post.

To subscribe for updates from our Data Protection Report blog, visit the email sign-up page.