Effective as of July 12, 2016, the European Union has implemented the new US-EU Privacy Shield (the “Privacy Shield”).  The Privacy Shield permits US organizations to self-certify that they meet the requirements for protecting Europeans’ personal data (“EU Data”), allowing them to receive such data from EU organizations.  The Privacy Shield is designed to replace the former US-EU Safe Harbor (the “Safe Harbor”), which was invalidated in a case decided by the Court of Justice of the European Union (the “CJEU”) in October of last year.

The Privacy Shield builds upon the framework of the Safe Harbor and addresses several of the concerns raised by the CJEU.  Most notably, the Privacy Shield incorporates several provisions that restrict the US government’s ability to access, collect and use EU Data.  There are, however, some broader changes that will affect other organizations:

  1. Onward Transfer of Data
  2. Dispute Resolution
  3. Reporting and Compliance

For further information on these three changes, please read our latest LEGALcurrents, “European Union Implements New Privacy Shield.”