According to reports, the European Union and the United States have agreed on changes to the EU-U.S. Privacy Shield (Privacy Shield) which will be sent to the EU member states and the college of the 28 EU commissioners ultimately paving the way for final approval early next month.  “We have agreed on the changes and will be able to adopt it in early July,” said European Commission spokesman Christian Wigand.

Addressing many of the concerns expressed with the original draft of the Privacy Shield, the revisions include stricter rules for organizations which hold information on European citizens as well as clearer limits on U.S. surveillance.  The revisions are also reported to include requirements for companies to delete personal data which no longer serves the purpose it was collected for as well as requirements for third party organizations processing data to guarantee the same level of protections as companies who have directly signed up under the Privacy Shield.

Once approved, the revised Privacy Shield will replace the invalidated EU-U.S. Safe Harbour and provide a way for organizations to transfer data across the Atlantic.  Nevertheless, it is likely the Privacy Shield will face difficult tests in court requiring vigilance as organizations look to get back to the level of stability previously provided by the Safe Harbour for transatlantic transfers of data.

While the Privacy Shield remains pending, the European Commission has issued guidance on transatlantic data transfers.

Tags: employee, employer, enforcement, European Commission, European Union, information risk, privacy, Privacy Shield, restrictions, Safe Harbour, Schrems, United States
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jason C. Gavejian Jason C. Gavejian

Jason C. Gavejian is the office managing principal of the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. and a member of the firm’s Board of Directors. He is also a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy…

Jason C. Gavejian is the office managing principal of the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. and a member of the firm’s Board of Directors. He is also a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy Professionals.

As a Certified Information Privacy Professional (CIPP/US), Jason focuses on the matrix of laws governing privacy, security, and management of data. Jason is co-editor of, and a regular contributor to, the firm’s Privacy blog.

Jason’s work in the area of privacy and data security includes counseling international, national, and regional companies on the vast array of privacy and security mandates, preventive measures, policies, procedures, and best practices. This includes, but is not limited to, the privacy and security requirements under state, federal, and international law (e.g., HIPAA/HITECH, GDPR, California Consumer Privacy Act (CCPA), FTC Act, ECPA, SCA, GLBA etc.). Jason helps companies in all industries to assess information risk and security as part of the development and implementation of comprehensive data security safeguards including written information security programs (WISP). Additionally, Jason assists companies in analyzing issues related to: electronic communications, social media, electronic signatures (ESIGN/UETA), monitoring and recording (GPS, video, audio, etc.), biometrics, and bring your own device (BYOD) and company owned personally enabled device (COPE) programs, including policies and procedures to address same. He regularly advises clients on compliance issues under the Telephone Consumer Protection Act (TCPA) and has represented clients in suits, including class actions, brought in various jurisdictions throughout the country under the TCPA.

Read more about Jason C. Gavejian
Show more Show less
Related Posts
Recent HIPAA Settlement Offers Lessons on Data Disposal and the Meaning of PHI
August 24, 2022
Massachusetts Legislature Evaluates Its Own Comprehensive Consumer Privacy Law
February 15, 2022
The RIPTA Data Breach May Provide Valuable Lessons About Data Collection and Retention
January 12, 2022