What The 'EU-U.S. Privacy Shield,' The New Safe Harbor, Means For Your Business

Author:Ms Cynthia O'Donoghue, Daniel Kadar, Kate Brimsted, Thomas Fischl, Philip Thomas, Katalina Bateman, Doretta Frangaki, Caroline Gouraud, Chantelle A. Taylor, Tom C. Evans and Dr. Alexander Hardinghaus, LL.M.
Profession:Reed Smith

European Union and United States authorities have announced the "EU-U.S. Privacy Shield," a new transatlantic data transfer framework to replace Safe Harbor, which was invalidated by the European Court of Justice in October in Maximillian Schrems v. Data Protection Commissioner (C-362-14). Since this issue has clear implications for our pharmaceutical and medical device clients, we've covered it often, including here and most recently here.

The Privacy Shield is still a work in progress, so its final form is uncertain. (There are doubts that the framework will pass muster, with a Minister of the European Parliament calling it "a joke" that risks review before the European Court of Justice again.) Based on what we know at the moment, though, here's what the Privacy Shield means for your business:

For at least the near future, you'll still need an alternative method for complying with restrictions around international transfers of data. The Privacy Shield hasn't been finalized yet and there will be inevitable lead time to implementing it when it is. If you haven't plugged this gap risk, your company is subject to enforcement action by the EU Member States Data Protection Authorities. Certifying to the Privacy Shield will probably be demanding and costly. Organizations that were previously certified...

To continue reading