On October 18, 2017, the EU Commission published its report on the review of the functioning of the EU-US Privacy Shield, which was established to allow the transfer of personal data from the European Union to the United States. As you may recall, the Privacy Shield was put in place following a European Court of Justice ruling that found the former legal framework for the transfer of personal data from the European Union to the United States (the Safe Harbor scheme) contravened EU law and was thus invalid.

One of the components of the Privacy Shield is that the EU Commission conduct an annual review of its functioning. Such a review was conducted, the results of which were published in the abovementioned report. According to the review, the EU Commission concluded that the United States continues to ensure an adequate level of protection for personal data transferred under the Privacy Shield from the European Union to organizations in the United States.

This report was published only two weeks after the Irish High Court referred a case concerning data transfers from the European Union to the United States to the European Court of Justice. In that case, the complainant argued that the transfer of personal data from the European Union to the United States by Facebook, on the basis of standard contractual clauses, should be suspended, as these clauses did not provide adequate protection to the personal data, due to the fact the US government had direct access to the personal data stored in the United States.

The issue of the transfer of personal data from the European Union to the United States, as well as the protection granted to such information, will continue to be very closely reviewed and assessed by various stakeholders. There is no doubt the continued use and implementation of the Privacy Shield is vital to the global economy. Any breakdown of this scheme, or any disruptive judgement of the European Court of Justice as to the transfer of personal data from the European Union to the United States, will wreak havoc and require a substantial restructuring of the operational behavior and privacy practices of numerous businesses and enterprises.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.