Privacy Shield Revoked


                                   What This Means for EU-US Commercial Data Transfers

                            By Dan Piazza, Technical Product Manager, Stealthbits Technologies


            On July 16th, the European Court of Justice (ECJ)  struck down the EU-US data privacy agreement
            named Privacy Shield, which many organizations rely on to transfer data between the EU and the U.S.

            Privacy Shield was enacted in 2016 as a replacement for the Safe Harbor Privacy Principles, which were
            also struck down by the ECJ in 2015. In addition to being a replacement for the Safe Harbor Privacy
            Principles, Privacy Shield was designed to protect the fundamental rights of data subjects in the EU
            whose personal data is transferred to the U.S. for commercial purposes.


            The primary goals of the Privacy Shield framework were:

               •  Strong data protection obligations on companies receiving personal data from the EU

               •  Safeguards on U.S. government access to data

               •  Effective protection and redress for individuals

               •  An annual joint review by the EU and U.S. to monitor the correct application of the arrangement








            Cyber Defense eMagazine – September 2020 Edition                                                                                                                                                                                                         110
            Copyright © 2020, Cyber Defense Magazine.  All rights reserved worldwide.