Legal Business Blogs

‘A little upgrade’: Privacy Shield in force but legal challenge still expected

Despite the European Commission’s new data privacy framework coming into force this week, City lawyers still believe a legal challenge is likely.

The framework now called Privacy Shield, was adopted by the European Commission yesterday (12 July) and makes it easier for organisations to transfer data across the Atlantic. The framework replaces invalidated ‘Safe Harbour’ scheme.

Under the new rules, US organisations will have to apply for certification under the new Privacy Shield from August to import data from EU.

The European Commission said the Privacy Shield puts stronger obligations on companies handling data and safeguards on US government access to data. It also offers the possibility of free dispute resolution and the chance for EU citizens to bring complaints to a US intelligence ombudsman reporting to the Secretary of State.

But the new privacy shield has come under scrutiny from City data protection lawyers. Taylor Wessing head of UK data protection Vinod Bange said it was ‘not the end of the story on EU-US data transfers’.

Bange (pictured) said: ‘EU organisations transferring personal data to the USA should have the comfort of knowing that there will be no barriers to data transfers where a US organisation has signed up to the Privacy Shield and complies with its requirements.’

However, Bange added new framework was likely to face a legal challenge from Schrems and other privacy activists.

Dentons co-chair of data privacy Nick Graham told Legal Business: ‘Privacy Shield is a substantial improvement on Safe Harbour with much more robust redress mechanisms and a proper assessment of US privacy adequacy. Inherently there could be a challenge because there remains a question on essential equivalence [between US and European privacy laws].’

Graham said some firms would sign up to Privacy Shield to keep data flowing, but others were likely to wait until after the expected legal challenge.

He said: ‘We need to find a way to transfer data internationally, we can’t simply pull up the digital drawbridge. Shutting down the options is no realistic solution.’

Schrems said the new regulation was very likely to fail again and was a ‘little upgrade’ from Safe Harbour.

He added: ‘This deal is bad for users, which will not enjoy proper privacy protections, and bad for businesses, which have to deal with a legally unstable solution.’

European Commission Digital Single Market vice president Andrus Ansip said in a statement: ‘Data flows between our two continents are essential to our society and economy – we now have a robust framework ensuring these transfers take place in the best and safest conditions.’