EU Top Court Strikes Down Privacy Shield, CCIA Calls for Urgent Legal Certainty and Solutions

BY Heather Greenfield
July 16, 2020

Brussels, BELGIUM — The European Court of Justice (CJEU) issued a landmark ruling today that invalidates Privacy Shield, a key legal mechanism which thousands of companies use to transfer commercial data from the EU to the United States.

The CJEU ruled that the Privacy Shield decision does not comply with EU law. Among other things, the Court held U.S. law does not provide sufficient protection of EU personal data despite the public authorities access limitations provided in the Privacy Shield decision. The Court also takes issue with the Privacy Shield mechanism for EU individuals to seek judicial protection when their data is potentially accessed by U.S. public authorities.  

Over 5,000 companies have signed up to the Privacy Shield framework. 70% of them are small and medium-sized businesses. Many U.S. subsidiaries of European companies have also joined.

The CJEU did confirm that Standard Contractual Clauses (“SCCs”), another popular mechanism, remain valid to transfer data outside Europe. However, Data Protection Authorities must suspend or prohibit data transfers under SCCs if the laws of the country of destination are such that the contractual safeguards cannot be met by either one of the parties.

The following can be attributed to Alexandre Roure, CCIA Public Policy Senior Manager:

“This decision creates legal uncertainty for the thousands of large and small companies on both sides of the Atlantic that rely on Privacy Shield for their daily commercial data transfers. We trust that EU and U.S. decision-makers will swiftly develop a sustainable solution, in line with EU law, to ensure the continuation of data flows which underpins the transatlantic economy. We hope enforcement authorities will grant Privacy Shield signatories time to migrate to alternative legal mechanisms.”

For media inquiries, please contact Communications Director Heather Greenfield hgreenfield@ccianet.org

 

Related Articles

CCIA Responds To Draft Australian Regulations Aimed At US Tech Companies

Jul 31, 2020

Washington —  The Australian government has announced that the Australian Competition and Consumers Commission (ACCC) has released its draft Mandatory News Media Bargaining Code of Conduct that regulates digital platforms´ commercial relationships with Australian media companies. The Australian Government has decided that these new regulations will only be applicable to Google and Facebook. The Computer…

CCIA Offers Comments To USTR On Digital Tax Proposals

Jul 14, 2020

Washington – The U.S. Trade Representative has asked stakeholders for feedback as part of its investigation into various overseas digital taxes, which target U.S. companies. USTR is already investigating a French digital tax and announced suspended tariffs when and if the tax is collected against U.S. companies early next year. The Computer and Communications Industry…

USTR Announces Sanctions Against France in Digital Tax Investigation

Jul 10, 2020

Washington — USTR has announced sanctions against France that will remain suspended until France starts collecting duties under the French digital services tax. This follows USTR’s conclusion in the Section 301 investigation into the French tax that the tax discriminated against US firms.  Several countries are in various stages of implementing digital taxes targeted at…