The EU–US Privacy Shield was a framework for regulating transatlantic exchanges of personal data for commercial purposes between the European Union and the United States.
On July 16, 2020, the European Court of Justice, in a ruling called “Schrems II”, held that the EU-US Privacy Shield was not valid under EU law based on concerns with transferring European personal data from the EU to the US. The CJEU’s decision was based on (i) the limitations on the protection of personal data under U.S. law, and (ii) the disproportionate access and use of European Economic Area personal data by U.S. authorities with no effective redress mechanism for data subjects.
As the US economy struggles to recover from the COVID-19 pandemic, it is critical that companies — including the 5,300+ current Privacy Shield participants — be able to transfer data without interruption.
This program dissects the Court's decision, its impact on cross-border data transfers, and what companies can do to address the risks of global data management. Panelists invite you into a lively discussion that includes risk mitigation tactics for addressing data management that will comply with both domestic and international requirements in a post-Shrems II world.
Co-sponsored with the PBA Cybersecurity & Data Privacy Committee . Not a member? Join today!
Recorded on August 12, 2020.