The EU/US Privacy Shield is how personal data can be transferred from an EU country to a US organisation or company.
These “transatlantic data flows” states Leo Moore of William Fry was part of a 1995 Directive where the EU could pass data to a 3rd country outside the EU if they had adequate data protection plans in place.
Known as “Safe Harbour 2.0” came under attack when Edward Snowden made headlines in 2013. Along with Max Schrems and Facebook being played out within Ireland. The EU and US as Moore states “had a bit of a scramble” to put together something that corrected what safe harbour had in place.
Today we see in draft form this EU/US Privacy Shield, whereby companies are held by a self-certification process that sees them commit to a set of principles. However, Moore goes on to state that because this is still in draft form it is “unreliable” on a legal basis for data transfer to US companies.
The privacy shield is there to uphold the fundamental rights of EU citizens and even though it has made significant changes from Safe Harbour 2.0 there are still concerns surrounding the draft document.
Concerns raised include “massive and indiscriminate surveillance” the “onward transfer of data by the privacy shield entity” and how EU individuals have “difficulty to effective and independent resources to exercise their right”.
An interesting topic that will certainly be one to watch in the coming months!