With the recent approval of the EU-US Privacy Shield framework and the ability to start filing online registrations on 1 August, many companies have questions about the advantages and disadvantages of Privacy Shield as compared to other cross-border transfer mechanisms to cover trans-Atlantic data flows.
To answer your questions, we publish here International Data Transfers – Considering your options, a high-level analysis of the EU cross-border transfer options for companies—including the EU Standard Contractual Clauses, Intra-Group Agreements and other ad-hoc contracts, Binding Corporate Rules, Privacy Shield, and Consent—and the pros and cons of choosing each one.
Astute readers of the Chronicle of Data Protection will recognise this as an update of our publication last October of a similar chart after Safe Harbor first was invalidated. Since then, the European Commission’s determination that Privacy Shield provides an adequate level of data protection provides another option on a menu of choices for EU entities looking to transfer personal data to the United States, and US companies looking to demonstrate their reliability to EU organisations.
In particular, we identify the following advantages of Privacy Shield:
- The European Commission and US Government have purposely addressed Safe Harbor’s weaknesses.
- Improvements to Privacy Shield’s original version will help overcome objections from EU data protection authorities.
- While only covering transfers to the US, Privacy Shield provides a basis for global compliance programs.
- Privacy Shield helps avoid some cumbersome contract negotiations compared to the standard contractual clauses and ad-hoc contracts.
And the following disadvantages:
- Privacy Shield’s adequacy is likely to be challenged in the Court of Justice of the European Union, so its legal uncertainty will continue (although the standard contractual clauses are also currently subject to a legal challenge in the EU).
- There is continued scepticism by some individual EU data protection authorities about Privacy Shield, despite its formal approval by the European Commission.
- There is likely to be additional compliance scrutiny from US regulators in enforcing Privacy Shield as compared to Safe Harbor, including handling requests for investigation from EU data protection authorities.
To download International Data Transfers: Considering your options, click here.
Stay tuned for more analysis of Privacy Shield, including a forthcoming analysis of the differences between Safe Harbor and Privacy Shield.