The EU-U.S. Privacy Shield was adopted on July 12, 2016 as a replacement for the International Safe Harbor Privacy Principles. They were deemed invalid by the European Court of Justice (CJEU) following its decision in Maximillian Schrems vs. Data Protection Commissioner. Since the adoption of the EU-U.S. Privacy Shield, more than 3,200 organizations have self-certified and rely on the EU-U.S. Privacy Shield as a mechanism to comply with data protection requirements when transferring personal data from the European Union (EU) and Switzerland to the United States.
Why Is the EU-U.S. Privacy Shield Threatened?
Like its predecessor, the Safe Harbor Privacy Principles, the EU-U.S. Privacy Shield is under attack. Again, Facebook may be to blame. Specifically, on June 12, 2018, the Civil Liberties Committee of the European Parliament called on the Commission to suspend the EU-U.S. Privacy Shield in the wake of the Facebook-Cambridge Analytica data breach. The Members of the European Parliament (MEPs) are calling for the suspension of the EU-U.S. Privacy Shield unless U.S. authorities comply with its requirements in full by Sept. 1, 2018.
The Final Word for Now
The MEPs observed both Facebook and Cambridge Analytica are certified under the Privacy Shield. The Civil Liberties Committee Chair Claude Moraes said:
"The LIBE committee today adopted a clear position on the EU-U.S. Privacy Shield agreement. While progress has been made to improve on the Safe Harbor agreement, the Privacy Shield in its current form does not provide the adequate level of protection required by EU data protection law and the EU Charter. It is therefore up to U.S. authorities to effectively follow the terms of the agreement and for the Commission to take measures to ensure that it will fully comply with the GDPR."
The resolution to suspend the EU-U.S. Privacy Shield was passed by the Committee (29 votes to 25) and the full house is expected to vote in July.