` U.S. Department of Commerce and the European Commission Discuss Revising the EU-U.S. Privacy Shield Framework Following Its Invalidation in Schrems II - Clarip Privacy Blog
ENTERPRISE    |    CONSUMER PRIVACY TIPS    |    DATA BREACHES & ALERTS    |    WHITEPAPERS

U.S. Department of Commerce and the European Commission Discuss Revising the EU-U.S. Privacy Shield Framework Following Its Invalidation in Schrems II

U.S. Department of Commerce and the European Commission Discuss Revision

In the August 10, 2020 Joint Statement from U.S. Secretary of Commerce Wilbur Ross and European Commissioner for Justice Didier Reynders, the U.S. Department of Commerce and the European Commission have indicated that both sides initiated discussions to evaluate the potential for an enhanced EU-U.S. Privacy Shield framework to comply with the recent judgment of the Court of Justice of the European Union in the Schrems II case. This judgment declared that this framework is no longer a valid mechanism to transfer personal data from the European Union to the United States.

According to the Joint Statement, “the European Union and the United States recognize the vital importance of data protection and the significance of cross-border data transfers to our citizens and economies. We share a commitment to privacy and the rule of law, and to further deepening our economic relationship, and have collaborated on these matters for several decades.”

The Privacy Shield is a voluntary, self-certification program and requires U.S. companies to commit to certain data management principles, including notice, choice, accountability for onward transfers and vendor agreements, security, data integrity, purpose limitation, and access. Companies are required to publicize their commitment, implement the principles, publicly disclose the organization’s privacy policy, and submit to an annual renewal of the certification, including the verification of ongoing compliance.

The Privacy Shield replaced the Safe Harbor data transfer framework which was invalidated by the CJEU in 2015 as a result of a legal challenge also brought by Max Schrems.

Following the Schrems II decision, the European Data Protection Board concluded that all transfers based on the Privacy Shield framework are now illegal. The U.S. Department of Commerce, on the other hand, vowed to “continue to administer the Privacy Shield program, including processing submissions for self-certification and re-certification to the Privacy Shield Frameworks and maintaining the Privacy Shield List.”

 Ask Clarip today how we can solve your biggest privacy compliance pain points, Call Clarip at 1-888-252-5653

Contact

  • 1521, Concord Pike, Suite #301,
    Wilmington, DE 19803 USA
  • 20 Montchanin Road, Suite 20,
    Greenville, DE 19807 USA
  • Contact Online

888-252-5653

About

Consumers

Businesses

The pixel
Show Buttons
Hide Buttons