• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar

McCarter & English Logo

  • People
  • Services
  • Insights
  • Our Firm
    • Leadership Team
    • Social Justice
    • Diversity, Equity & Inclusion
    • Pro Bono
    • Client Service Values
    • Alumni
  • Join Us
    • Lawyers
    • Summer Associates
    • Patent Professionals
    • Professional Staff
    • Job Openings
  • Locations
    • Boston
    • Philadelphia
    • East Brunswick
    • Indianapolis
    • Stamford
    • Hartford
    • Trenton
    • Miami
    • Washington, DC
    • New York
    • Wilmington
    • Newark
  • Share

Share

Browse Alphabetically:

  • A
  • B
  • C
  • D
  • E
  • F
  • G
  • H
  • I
  • J
  • K
  • L
  • M
  • N
  • O
  • P
  • Q
  • R
  • S
  • T
  • U
  • V
  • W
  • X
  • Y
  • Z
  • All
Bankruptcy, Restructuring & Litigation
Blockchain, Smart Contracts & Digital Currencies
Business Litigation
Cannabis
Coronavirus Resource Center
Corporate
Crisis Management
Cybersecurity & Data Privacy
Delaware Corporate, LLC & Partnership Law
Design, Fashion & Luxury
E-Discovery & Records Management
Energy & Utilities
Environment & Energy
Financial Institutions
Food & Beverage
Government Affairs
Government Contracts & Global Trade
Government Investigations & White Collar Defense
Healthcare
Hospitality
Immigration
Impact Investing
Insurance Recovery, Litigation & Counseling
Intellectual Property
Labor & Employment
Life Sciences
Manufacturing
Products Liability, Mass Torts & Consumer Class Actions
Public Finance
Real Estate
Renewable Energy
Sports & Entertainment
Tax & Employee Benefits
Technology Transactions
Transportation, Logistics & Supply Chain Management
Trusts, Estates & Private Clients
Venture Capital & Emerging Growth Companies
  • Broadcasts
  • Events
  • News
  • Publications
  • View All Insights
Search By:
Publications|Alert

It’s Time. Pick up the Shield.

Cybersecurity & Data Privacy Alert

7.27.2016

When the new EU-US Privacy Shield was adopted all the way back on the 12th of July, we were quoted in the media discussing the fact that formal legal challenges to it were inevitable.  By the time the dust settled enough to issue our more comprehensive view here, it looked like such a challenge would be sufficiently far into the future that adoption of the new regime was probably the most cost-effective course for most companies. That view received some affirmation yesterday when the EU Data Protection Authorities’ Article 29 Working Party released a statement saying they would not seek to challenge the adequacy of Privacy Shield for at least a year. 

Although its name does not exactly roll off the tongues of most Americans, the Article 29 Working Party a highly influential body in the world of EU data privacy legislation.  Its members are representatives of the individual Data Protection Authorities or DPAs from each of the EU member nations.  Previously, the Article 29 Working Party had been critical of the Privacy Shield so this news about refraining from a formal challenge to its adequacy is significant.  In fact, many EU observers believe it may signal a new phase of flexibility in which the Article 29 Working Party will be more willing to tolerate refinement of the specific areas it feels are inadequate, rather than the scorched-earth, complete invalidation approach it supported in the case of the old Safe Harbor regime. 

Here’s a recap of what you need to know about the EU-US Privacy Shield:

What is the Privacy Shield?
a new arrangement between the US and EU governments adopted July 2016
replaces the old Safe Harbor arrangement held invalid by the European Court of Justice in October 2015
is now one of the core methods for companies to comply with the EU Privacy Directive
Does my company need it?

Do you export data to the US from an EU country listed here and/or from Switzerland?  If you said yes, then you have to comply with the EU Privacy Directive in some manner.

How do we get it?

Companies can apply to the US Dept. of Commerce commencing August 1, 2016
What’s required?

Minimally, companies will need to:
review (or create) internal policies for collecting, securing and using personal information
review and revise online privacy policies to meet specific Privacy Shield requirements
put compliant contracts/addenda in place with third-party vendors
put intracompany procedures in place with affiliates
designate an internal contact to receive privacy-related complaints
choose an approved dispute resolution mechanism
confirm compliance annually through self- or third-party assessments

sidebar

pdfemail

Related People

Media item: Steven H. Weisman
Steven H. Weisman

Partner

Related Services

Cybersecurity & Data Privacy
Subscribe to our Insights
McCarter & English, LLP
Copyright © 2023 McCarter & English, LLP. All Rights Reserved.
  • Login
  • Attorney Advertising
  • Privacy
  • Awards Methodology
  • Contact
  • Subscribe
  • Sitemap

The McCarter & English, LLP website is for informational purposes only. We do not provide legal advice on this website. We can provide legal advice only to our clients in specific inquiries that they address to us. If you are interested in becoming a client, please contact us, but do not send any information about your specific legal question. We cannot serve as your lawyers until we establish an attorney-client relationship, which can occur only after we follow procedures within our firm and after we agree to the terms of the representation.

Accept Cancel