EU-U.S. Privacy Shield May Face Challenges from Data Protection Authorities

 privacy_shield

Written By ESR News Blog Editor Thomas Ahearn

The EU-U.S. Privacy Shield Framework launched on August 1, 2016, to replace the invalidated Safe Harbor agreement for data transfers between the European Union (EU) and the United States (U.S.) may face challenges from Data Protection Authorities (DPAs) in 2017, according to an article on the International Association of Privacy Professionals (IAPP) website.

The article from The Privacy Advisor on the IAPP website reports that Hamburg DPA Johannes Caspar wants to ask the Court of Justice of the European Union (CJEU) – the same court that declared Safe Harbor an invalid “adequacy decision” in a ruling on October 6, 2015 – if the EU’s decision to agree to the Privacy Shield Framework with the U.S. is valid.

“The decision of the EU Commission concerning the Privacy Shield constitutes a new legal ground for data subjects… On the other hand, I have serious doubts whether this adequacy decision meets the legal requirements of the principle of proportionality and judicial redress in the Safe Harbor judgement,” Caspar told The Privacy Advisor in an email.

Caspar – who hopes legal changes in Germany will allow their DPAs to challenge adequacy decisions as soon as 2017 – continued: “It is expected that sooner or later the CJEU will assess whether the access by public U.S. authorities to personal data transferred under the Privacy Shield is limited to what is strictly necessary and proportionate in a democratic society.”

Caspar concluded: “If there is a legal way to seek reference to the CJEU – and we hope that the national lawmaker will enact a law for national DPAs soon – we will take all appropriate steps for getting a ruling on the validity of the Commission’s decision.” The full article is on the IAPP website at https://iapp.org/news/a/hamburgs-dpa-aiming-to-challenge-privacy-shield/.

The EU-U.S. Privacy Shield Framework was designed by the Department of Commerce and the European Commission to provide companies transferring data between the EU to the U.S. with a mechanism to comply with EU data protection requirements. More information about the EU-U.S. Privacy Shield Framework is available at www.privacyshield.gov.

ESR Has Received EU-U.S. Privacy Shield Certification

Employment Screening Resources® (ESR) has received notification from the U.S. Department of Commerce’s International Trade Administration (ITA) that ESR’s self-certification of adherence to the EU-U.S. Privacy Shield Framework is approved and effective as of August 12, 2016. To learn more, visit www.esrcheck.com.

NOTE: Employment Screening Resources® (ESR) does not provide or offer legal services or legal advice of any kind or nature. Any information on this website is for educational purposes only.

© 2016 Employment Screening Resources® (ESR) – Making copies or using of any part of the ESR News Blog or ESR website for any purpose other than your own personal use is prohibited unless written authorization is first obtained from ESR.