EU and U.S. Initiate Discussions for Enhanced Privacy Shield Framework

ESR Privacy Shield

Written By ESR News Blog Editor Thomas Ahearn

On August 10, 2020, the U.S. Department of Commerce (DoC) and the European Commission issued a joint press statement to initiate discussions evaluating the potential for an enhanced EU-U.S. Privacy Shield framework to comply with a judgment of the Court of Justice of the European Union (CJEU) that invalidated the Privacy Shield.

The CJEU issued a decision on July 16, 2020, that declared the EU-U.S. Privacy Shield was no longer a valid mechanism to transfer personal data from the European Union to the United States. Privacy Shield was launched in August 2016 to replace the EU-US. Safe Harbor framework that the CJEU invalidated in October 2015.

“The European Union and the United States recognize the vital importance of data protection and the significance of cross-border data transfers to our citizens and economies,” read the joint press statement from U.S. Secretary of Commerce Wilbur Ross and European Commissioner for Justice Didier Reynders.

“We share a commitment to privacy and the rule of law, and to further deepening our economic relationship, and have collaborated on these matters for several decades,” it continued. “Our partnership will strengthen data protection and promote greater prosperity for our nearly 800 million citizens on both sides of the Atlantic.”

The ESR News Blog reported in July 2020 that the CJEU decision invalidating the EU-U.S. Privacy Shield framework opened the door for the possible suspension of data transfers from the EU to the U.S. based on the Standard Contractual Clauses (SCCs), according to a CJEU press release about the ruling.

While the CJEU upheld the validity of the SCCs as a data transfer mechanism, the Court ruled that EU data protection regulators may suspend transfers of personal data from the EU to a third country, such as the U.S., after determining that the third country’s laws undercut SCCs protections for personal data. 

The Court’s invalidation turned primarily on the fact that the Privacy Shield allowed U.S. intelligence agencies to access personal data transferred from the EU to the U.S. in bulk and without any independent judicial recourse in the U.S. for EU residents who wish to lodge a complaint concerning such access. 

According to the CJEU, this means that Privacy Shield does not provide an adequate level of protection for transferred personal data as required by the General Data Protection Regulation (GDPR), an EU law on privacy that took effect in May 2018 and requires employers to provide data processing notices on a variety of topics. 

Employment Screening Resources® (ESR) – a leading global background check provider – adheres to the EU-U.S. and Swiss-U.S. Privacy Shield frameworks and has incorporated fully compliant GDPR policies, procedures, and technologies. To learn more about ESR, visit www.esrcheck.com.

NOTE: Employment Screening Resources® (ESR) does not provide or offer legal services or legal advice of any kind or nature. Any information on this website is for educational purposes only.

© 2020 Employment Screening Resources® (ESR) – Making copies of or using any part of the ESR News Blog or ESR website for any purpose other than your own personal use is prohibited unless written authorization is first obtained from ESR.