Privacy Shield is gone but not forgotten.

Adam C. Schlosser, for the International Association of Privacy Professionals (IAPP), writes on why the EU-U.S. Privacy Shield is still a useful data protection governance tool.

“Simply leaving the Privacy Shield program or disregarding its principles would be a mistake, particularly for those organizations that have already built

U.S. Secretary of Commerce Wilbur Ross and European Commissioner for Justice Didier Reynders issued a joint statement on Privacy Shield III:

“The U.S. Department of Commerce and the European Commission have initiated discussions to evaluate the potential for an enhanced EU-U.S. Privacy Shield framework to comply with the July 16 judgment of the Court of

New Zealand’s Data Protection Authority has offered its take on the Schrems II ruling that invalidated EU-U.S. Privacy Shield.

“The Schrems litigation has again sent international shock waves in striking down a key EU/U.S. arrangement designed to facilitate data flows known as the Privacy Shield.”

“The decision does not directly affect transfers of data from

Leaders of key U.S. Senate and House committees wrote to the U.S. Secretary of Commerce and the Chairman of the Federal Trade Commission asking that they work closely and expeditiously with their European counterparts to issue interim guidance to make sure that consumer and business services are not unduly disrupted, and personal data is protected

The U.S. Department of Commerce (DoC)has updated its Frequently Asked Questions piece on the Swiss-U.S. Privacy Shield to address questions raised by the the Schrems II decision regarding the EU-U.S. Privacy Shield.

Key takeaways:
  • The court’s decision does not relieve participants in the EU-U.S. Privacy Shield of their obligations under the EU-U.S. Privacy Shield Framework.

The Information Technology Industry Council (ITI) issued a statement on Schrems II: Many small and medium sized enterprises (SMEs) are affected by the Court of Justice of the European Union decision and need guidance and a solution.

“We encourage the U.S. and EU governments to work together to ensure that companies can fully and safely

Norway’s Datatilsynet issues detailed FAQ’s on #SchremsII:

Notable takeaways:

“[T]he additional measures…could potentially be…legal, technical or organizational measures. At present…there is great uncertainty about what kind of additional measures may be sufficient if the third country has laws that take precedence over…or otherwise lower the level of protection. This means that at present it is

  • The Bailiwick of Guernsey’s Office of Data Protection Authority has stated its position on #SchremsII: You must invest resources into ensuring appropriate safeguards are in place.
  • Identify if you have been relying on the EU-U.S. Privacy Shield for data transfers. Check the terms of service, contracts or privacy statements for all third parties you

Germany’s  Datenschutzkonferenz (DSK) issues its guidance on Shrems II:

  • The transfer of personal data to the United States based on Privacy Shield is not permitted and must be discontinued immediately.
  • Standard contractual clauses can continue to be used, but, depending on the result of the assessment of the data exporter, additional measures may be required.

The UK’s Information Commissioner Office’s has issued a revised statement on the Schrems II.

“Further work is underway by the European Commission and EDPB to provide more comprehensive guidance on extra measures you may need to take. In the meantime you should take stock of the international transfers you make and react promptly as guidance