EU-U.S. Privacy Shield Program Update

An update from the U.S. Department of Commerce, the International Trade Administration’s Privacy Shield Team:

On behalf of the U.S. Department of Commerce, the International Trade Administration’s Privacy Shield Team would like to make you aware of an important joint statement issued on August 10, 2020 from U.S. Secretary of Commerce Wilbur Ross and European Commissioner for Justice Didier Reynders regarding the EU-U.S. Privacy Shield Framework.  The joint statement is included below for your convenience.

“Joint Press Statement from U.S. Secretary of Commerce Wilbur Ross and European Commissioner for Justice Didier Reynders

The U.S. Department of Commerce and the European Commission have initiated discussions to evaluate the potential for an enhanced EU-U.S. Privacy Shield framework to comply with the July 16 judgment of the Court of Justice of the European Union in the Schrems II case. This judgment declared that this framework is no longer a valid mechanism to transfer personal data from the European Union to the United States.

The European Union and the United States recognize the vital importance of data protection and the significance of cross-border data transfers to our citizens and economies. We share a commitment to privacy and the rule of law, and to further deepening our economic relationship, and have collaborated on these matters for several decades.

As we face new challenges together, including the recovery of the global economy after the COVID-19 pandemic, our partnership will strengthen data protection and promote greater prosperity for our nearly 800 million citizens on both sides of the Atlantic.”

 FAQs

Please also be aware that additional frequently asked questions (FAQs) have recently been posted to the Privacy Shield website.

  • The additional FAQs concerning the EU-U.S. Privacy Shield address the following questions:
    • Can a Privacy Shield participant rely on the EU-U.S. Privacy Shield Framework to receive personal data from the European Union in light of the July 16, 2020 decision by the Court of Justice of the European Union (CJEU)?
    • Will there be a delay or moratorium on enforcement by EU data protection authorities in light of the July 16, 2020 decision by the Court of Justice of the European Union (CJEU)?
    • Why should U.S.-based organizations participate in the EU-U.S. Privacy Shield Framework in light of the July 16, 2020 decision by the Court of Justice of the European Union (CJEU)?
    • Have the requirements regarding re-certification under the EU-U.S. Privacy Shield Framework changed in light of the July 16, 2020 decision by the Court of Justice of the European Union (CJEU)?
    • Have the requirements regarding withdrawal from the EU-U.S. Privacy Shield Framework changed in light of the July 16, 2020 decision by the Court of Justice of the European Union (CJEU)?
  • The additional FAQ concerning the Swiss-U.S. Privacy Shield addresses the following question:
    • Can a Privacy Shield participant rely on the Swiss-U.S. Privacy Shield Framework to receive personal data from Switzerland in light of the July 16, 2020 decision by the Court of Justice of the European Union (CJEU)?