Privacy Shield 2.0?

The US and the European Union have recently opened talks around privacy protections for transatlantic data flows which could signal a resurrection of the Privacy Shield program.

This is the third attempt for an adequacy mechanism to replace Safe Harbor, and Privacy Shield 1.0 which were invalidated after successful lawsuits arguing that US security laws violated the fundamental rights of EU citizens. The evolution of this story is driven by Max Schrems lawsuits and Edward Snowden’s revelations of digital spying by US agencies. In the aftermath of these decisions, businesses have resorted to uncertain workarounds such as reliance on Standard Contractual Clauses Binding Corporate Rules, or Article 49 Derogations for data transfers.

US Commerce Secretary Gina Raimondo and EU Justice Commissioner Didier Reynders said in a joint statement that their governments agreed to intensify negotiations on the Privacy Shield, previously one of the main mechanisms governing data transfers from the EU to the US.

“It will provide comfort to those companies who are in limbo,” said Dona Fraser, senior vice president for privacy initiatives at BBB National Programs. The joint government statement points to an “enhanced” Privacy Shield, meaning parts of the policy mechanism that concern corporate data practices are unlikely to change significantly, Fraser said.

If a new Privacy Shield program emerges it will likely need to include assurances to the European Commission that there are adequate privacy protections and redress for data transfers, and limitations of the scope of intelligence-gathering. “Those are issues only the government can address,” said Peter Swire, a law and ethics professor at Georgia Institute of Technology and senior counsel with Alston and Bird LLP. “I believe the US government has provided or will soon provide a set of concrete proposals,” Swire said.

US surveillance reforms could pave the road for an updated version of the Privacy Shield, rather than a total replacement of the program. Caitlin Fennessy, research director at the International Association of Privacy Professionals, previously US. director for the EU-US Privacy Shield, said “it’s especially important for companies to see that negotiators don’t want to “reinvent the wheel” as other aspects of the data transfer regime remain in flux”.

EU Justice Commissioner Didier Reynders said in a speech to the American Chamber of Commerce to the EU, “Finding this solution is a priority in Brussels and in Washington DC,” he added a day after stepping up talks with US Commerce Secretary Gina Raimondo.

How quickly this develops and the final outcome of a Privacy Shield redux remain unknown. We will continue to monitor the progress of this and provide timely updates.

Give your customers a high-quality privacy user experience with WireWheel’s Trust Access and Consent Center.

Request Demo