On February 29, 2016, the European Commission unveiled the text of the EU-U.S. Privacy Shield. The Privacy Shield is designed to replace the invalidated EU-U.S. Safe Harbor Framework and to provide a new legal framework for data transfers from the EU to the U.S. Although the Privacy Shield is based on the same principles as the Safe Harbor Framework, the Privacy Shield differs significantly in a number of key respects, most notably by creating new redress mechanisms and imposing stricter and more prescriptive obligations for companies.
Although this announcement is a major step towards a new data transfer regime, full adoption still faces review and other hurdles before the Privacy Shield will take effect. Specifically, the Privacy Shield will now be reviewed by the body of EU privacy regulators—the Working Party 29 or WP29—and will have to be formally adopted by the EU Commission before being available as a data transfer solution. We expect the approval process to take at least a few months. If adopted, it will almost certainly face immediate challenges before EU Data Protection Authorities (DPAs) and in the courts.
Click here to read our complete WSGR Alert examining the new Privacy Shield.