Today the EU-U.S. Privacy Shield was approved by the EU Member States, which sets the stage for the European Commission to grant final approval to the Privacy Shield as a basis for EU-U.S. transfers of personal data.
This development follows criticisms of the Privacy Shield this past April from the Article 29 Working Party, an advisory group comprised of the EU privacy regulators. We summarized the primary criticisms in a prior blog post. The Working Party was responding to the draft adequacy decision that was released by the European Commission on February 29, 2016, which we summarized here. The revisions to the Privacy Shield are intended to address the criticisms of the Working Party but it is not yet clear if the criticisms have been fully reflected.
The European Commission will provide additional detail about how the Privacy Shield is intended to work in practice when the decision on the Privacy Shield is addressed. Organizations considering Privacy Shield as a basis for EU-U.S. data transfers will want to understand the details of the final decision to make an informed decision of whether the Privacy Shield is an appropriate approach for data transfers that they engage in.
For more information on the origins and implications of the Privacy Shield, see our prior blog posts: