News and Insights

News

Our latest news and deal insights.

Filter by clicking on the category links.

Privacy Shield Ruling

Court has ruled that the Privacy Shield framework is no longer valid for the purpose of US/EU data transfers amid fears over surveillance and the lack of data safeguards in the US.

Stacks Image 24188
The Privacy Shield is a framework which was implemented in 2016 to regulate secure transfer of personal data across the European Union and the Unites States to enable easier transfer of personal data to the US under the EU data privacy rules.

Today in Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems C-311/18, the European Court of Justice has delivered its binding ruling with regards to data transfers from the EU to the US. A key ECJ ruling effectively rejected the Privacy Shield framework agreement between the EU and the US over the clash of the EU privacy regime and the US surveillance laws.

Accordingly, it is no longer lawful to transfer personal data from the EU to the US on the basis of the Privacy Shield framework.

Despite the rejection of the Privacy Shield framework, transfers on the basis of the Standard Contractual Clauses framework have been upheld and remain to be a valid data sharing tool which is used by millions of companies across the world.

We are aware that many of our clients may be transferring personal data on the basis of the Privacy Shield framework. Accordingly, we advise our clients to check:

  1. if you or any of your contractors, who have access to your personal data, store such data on the servers located in the US; and

  1. ensure that transfer of personal data from the EU to the US is on the basis of the Standard Contractual Clauses rather than the Privacy Shield framework.

Please contact us if you are unsure what this might mean for you.
Author

Back

Avery Law is the business and trading name for a legal practice carried on by Avery Law LLP. Avery Law LLP is a limited liability partnership, registered in England and Wales, with registered number OC374426, with its registered office at 25 Wilton Road, London, SW1V 1LW.

Avery Law LLP is authorised and regulated by the Solicitors Regulation Authority of England and Wales (SRA ID: 568560).

Avery Law LLP is registered with the Information Commissioner’s Office (ICO) with registration number ZA135485.

  • Legal500

Subscribe to our mailing list in order to opt-in to receive our publications, deal insights or event invitations.
Stacks Image p22492_n233

© Avery Law LLP 2020 - All rights reserved.