The European Commission on the Privacy Shield: All Bark and No Bite?

By: Kimberly A. Houser[*] and W. Gregory Voss[**]

Introduction

Much has been written about the difference in the privacy laws of the European Union and the United States and ideologies behind the two regimes.[1]  One risk of the increasing divergence in views on privacy is the potential halting of data transfers from the European Union to the United States by the European Commission (EC).  As data is a significant driver of the world economy,[2] special care must be taken both to ensure that data is able to cross borders easily, and individuals’ rights to data protection are respected.

The General Data Protection Regulation (GDPR)[3] prohibits the transfer of personal data outside of the European Economic Area (EEA) to countries without “adequate” privacy protections.  As the United States is considered to have insufficient protections, the EC requires that an approved mechanism, such as the Privacy Shield—its agreement with the United States that permits U.S. companies to self-certify that they will meet certain minimum privacy protections[4]—be used for such transfers.  Alternative mechanisms include standard contractual clauses (SCCs).[5]  Suspension of any one approved mechanism may call into question the legitimacy of the others.

Continue reading “The European Commission on the Privacy Shield: All Bark and No Bite?”