European Union and United States officials announced early February 2016 a political agreement to create the “Privacy Shield”, an anticipated solution to the now defunct Safe Harbor framework. Finalizing a solution to avoid a potential cross-border data transfer standstill became urgent after Safe Harbor was invalidated in October 2015 and the EU Data Protection Authorities’ (DPAs’) grace period enforcing unlawful transfers expired on January 31, 2016. Though met with a sigh of relief by many, it may be wise to hold off on the Privacy Shield tickertape parade just yet. Officials expect its details to be released by the end of February (no documents or details accompanied the announcement) but it then must wind its way through the EU’s bureaucratic approval process and will likely be challenged in court after implementation. Nevertheless, there is a strong probability that the Privacy Shield will be the next alternative transfer mechanism available and businesses should pay close attention to it and its context when determining whether to undertake transatlantic data transfers.
Continue reading Kathryn’s publication featured on Lexology.