Preiskel & CoPreiskel & Co
Preiskel & Co
A boutique law firm in London
  • Home
  • About Us
    • Diversity, Social Responsibility, and Pro Bono
  • Services
    • Corporate
    • Commercial
    • Regulatory
    • Competition & Antitrust
    • Data Protection, Privacy, and Retention
    • Intellectual Property
    • Dispute Resolution
    • Employment
  • Sectors
    • Telecommunications
    • IT, Technology, & Internet
    • Media and Broadcasting
    • Websites, Blogging, & Social Media
    • Film & Television
    • Gambling & Online Gaming
    • Leisure & Retail
    • Energy & Minerals
    • Cryptocurrency & Blockchain
    • Creative Industries
  • People
    • Daniel Preiskel
    • Ronnie Preiskel
    • Tim Cowen
    • Jose Saras
    • Robert Dougans
    • Karthyaeni Vittala
    • Tina Cowen
    • Xavier Prida
    • Martina Raciti
    • Ewelina James
    • Rachael Machado
    • Maria Constantin
    • Peter Dally
    • Richard Stewart
    • Joanna Coombs-Huang
    • Paul Stelges
    • Hannah Leader
    • Alison MacFarlane
    • Ilanit Appelfeld
    • Daniel Oakland
    • Sophia Yakhno
    • Sue Warwick
    • D A T Green
    • Antony Corel
    • Stewart White
    • Mor Swiel
    • Stephen Hornsby
    • Tony Curzon-Price
    • Robert Harvey
    • Shardi Shameli
  • International
  • Blog
  • News
    • Publications
  • Contact
Menu back  

EU-US Privacy Shield invalidated by ECJ

August 3, 2020By Preiskel & Co

The European Court of Justice (“ECJ”) has ruled that the EU-US Privacy Shield is unlawful and invalid.

The Privacy Shield was an agreement between the EU and the US, which governed data transfers between the two territories. In a 2016 decision, the European Commission had found that the protection provided by the Privacy Shield was adequate.

The ECJ invalidated the European Commission’s 2016 decision, finding that the Privacy Shield failed to adequately protect EU citizens’ privacy, with the risk that citizens’ rights under the General Data Protection Regulation (“GDPR”) would be violated. Specifically, the court found, that the protections offered in the Privacy Shield agreement were not “essentially equivalent to those required under EU law”.

The decision follows a 2015 ruling which invalidated a similar data transfer agreement between the EU and the US known as Safe Harbour.

The decision is likely to affect many companies who rely on data transfers between the two territories. Some industry players have voiced concerns about the future of data transfers between the two territories. A number of industry groups, led by the Software Alliance, have reacted by calling for a new, reliable framework for transatlantic data transfers.

However, the ECJ also found that the Standard Contractual Clauses, another mechanism for cross-border data transfers with the US, were lawful in principle, although a case-by-case analysis of the risks inherent in third country data transfers would have to be considered. Companies affected by the decision may therefore be able to switch to relying on this basis for such transfers.

Moreover, article 49 of the GDPR does provide for “necessary” transfers (e.g. transfers which are vital for: the conclusion or performance of a contract, the establishment, exercise or defence of legal claims, protecting the vital interests of the data subject, or for important reasons of public interest) to continue in the absence of an adequacy decision or appropriate safeguards. It will be interesting to see how many companies will seek to rely on this.

In a press statement, the US Secretary of State, Michael Pompeo, has expressed disappointment at the decision and indicated it is “reviewing this outcome and the consequences and implications for more than 5,300 European and U.S. companies, representing millions of transatlantic jobs and over $7.1 trillion in commercial transactions.”

The ECJ’s decision can be found here.

Please contact Jose Saras if you have been affected by the ECJ’s decision, or if you have any questions related to data transfers and data protection regulations.

 

 

Latest Preiskel & Co blog posts
  • CMA AI Report: The Foundation of the UK’s AI Response
    September 21, 2023
  • Navigating Health Data Compliance: A Roadmap for Employers
    September 21, 2023
  • Transatlantic convergence? Recent cases on advertising and privacy from the USA and UK
    September 15, 2023
  • Practical Guide – Net Neutrality in the UK
    September 14, 2023
  • Virgin succeeded in defending a claim by EE for loss of EE’s profits caused by Virgin’s breach of the MVNO Exclusivity Clause
    September 12, 2023
  • Getting out of a (data) scrape: global statement published for the protection of publicly accessible personal data online
    September 8, 2023
  • The dark side of design: the ICO and CMA call for businesses to rethink their website layouts
    August 18, 2023
  • Could the Supreme Court’s ruling on litigation funding agreements cause havoc for litigation funders?
    August 17, 2023
  • US Threats of a ‘Te(ch)xodus’ from the UK?
    August 17, 2023
  • Smoother Sailing for EU-US Data Transfers after GDPR Adequacy Decision
    August 4, 2023
  • Unlocking Data Flows: EU-US Data Privacy Framework Receives Adequacy Decision
    July 13, 2023
  • UK’s World Leading Approach on Artificial Intelligence – White Paper outlines 5 guideline principles for responsible use of AI
    July 5, 2023

The Preiskel Blog

  • CMA AI Report: The Foundation of the UK’s AI Response 21 Sep 2023
  • Navigating Health Data Compliance: A Roadmap for Employers 21 Sep 2023
  • Transatlantic convergence? Recent cases on advertising and privacy from the USA and UK 15 Sep 2023
  • Practical Guide – Net Neutrality in the UK 14 Sep 2023

Preiskel news

  • Tim Cowen, Chair of Antitrust Practice, Preiskel & Co, quoted in The Times
  • Practical Guide – Net Neutrality in the UK
  • Danny Preiskel featured in GCCM Magazine (June/July 2023 issue 55)  
  • Danny Preiskel moderating a panel at the MEF Connects – The Future of Fraud Prevention event (5th September 2023, hybrid)
Preiskel & Co LLP
4 King's Bench Walk,
Temple,
London
EC4Y 7DL
United Kingdom

Tel: +44 20 7332 5640
Email: info@preiskel.com

Find us on:

TwitterLinkedinMail
© Preiskel & Co LLP 2023 | Site map | Legal notices | Cookie Policy | Privacy