EU-US Privacy Shield: Good News & Bad News

Home » News and Insights » Insights » EU-US Privacy Shield: Good News & Bad News

EU-US Privacy Shield NewsWe’ve got some good news and some bad news regarding the EU-US Privacy Shield, the trans-Atlantic data transfer framework approved by regulators in July of 2016. The good news first: The U.S. Department of Commerce recently approved DiscoverReady’s Privacy Shield self-certification submission, which means that our clients may lawfully transfer personal data from the EU to us in connection with our work for them. You can review our self-certification here.

EU-US Privacy Shield News

Now the bad news: At least two lawsuits have been filed challenging the adequacy of the Privacy Shield framework. The first was brought by Digital Rights Ireland, a privacy advocacy and lobbying group. The lawsuit alleges that certain U.S. laws which permit the government to access personal information (in some instances, secretly) are inconsistent with EU laws protecting individual rights. Accordingly, the suit requests annulment of the decision approving the Privacy Shield framework. In a separate filing, the French digital rights group La Quadrature du Net challenges the effectiveness of the U.S. Ombudsman in dealing with Privacy Shield complaints, alleging that the Ombudsman is not sufficiently independent.

These legal challenges to Privacy Shield were not unexpected, however. In the wake of the framework’s approval, many privacy rights advocates criticized the agreement, alleging that it didn’t go far enough to correct the failings of the former Safe Harbor framework. So, while many U.S. organizations—including DiscoverReady—welcome the new framework and rely on its protocols, companies that routinely transfer personal information from the EU to the U.S. should still consider alternate methods of compliance with EU law, such as model contract clauses and binding corporate rules.

We’ll continue to monitor developments around the Privacy Shield challenges, and provide updates here on the blog.

Author Details
Senior Vice President, Discovery Strategy & Data Privacy/Security
A recognized thought leader in e-discovery, Maureen collaborates with the company’s clients and operations teams to develop innovative information strategies for legal discovery, compliance, and sensitive data protection. She speaks and writes frequently on significant issues in e-discovery and information governance, and participates actively in the Sedona Conference Working Groups on Electronic Document Retention and Production and Data Privacy and Security. Prior to DiscoverReady, Maureen was a partner at Paul Hastings LLP, where she represented Fortune 100 companies in complex employment litigation matters.
Posted on