In the much anticipated first annual review of the EU-US Privacy Shield program, the European Commission concluded that the program continues to provide adequate protection for personal information transferred from Europe to the United States. The Privacy Shield lets EU entities send personal information to participating US companies without running afoul of EU law – law which prohibits the exporting of personal information to entities located in countries whose laws were not deemed “adequate” (except in certain limited circumstances). The US has not been deemed to have “adequate” laws (only a few non-EU countries have been determined adequate, among them Canada, Israel, New Zealand, Switzerland and Uruguay).
Continue Reading EU Concludes Privacy Shield Still Adequate

On February 29, 2016, the European Commission and United States released the terms of the much-anticipated renewed framework for the transfer, sharing, and processing of European individuals’ data to the United States. The framework replaces the “Safe Harbour” mechanism, which enabled U.S. companies to transfer data from the EU to the United States by self-certifying that their practices ensured an adequate level of protection for personal data under the EU Data Protection Directive. In October, the “Safe Harbour” framework was declared invalid by the European Court of Justice in the Schrems decision covered earlier in this blog.
Continue Reading EU-US Privacy Shield: Brace Yourself . . . or Maybe Not