Alston & Bird Privacy, Cyber & Data Strategy Blog

EU-U.S. Privacy Shield Faces Judicial Attack

October 31, 2016 By Privacy, Cyber & Data Strategy Team

The EU-U.S. Privacy Shield (“Privacy Shield”) is already under challenge before the European courts, after having been approved only some months ago by the European Commission (“EU Commission”).

The European courts’ website records that an action for annulment has been brought by Digital Rights Ireland, the privacy and digital rights advocacy organization, before the General Court of the European Union.  A spokesperson for the court has confirmed that Digital Rights Ireland’s application seeks annulment of the EU Commission’s July 12, 2016 Privacy Shield decision, which found that the United States ensures an adequate level of protection for personal data transferred from the EU to U.S. organizations participating in the Privacy Shield.  The application in the case, Digital Rights Ireland v Commission (T-670/16), was lodged with the General Court on September 16, 2016.

The case casts an early shadow on the Privacy Shield, which was established to replace the EU-U.S. Safe Harbor framework following its invalidation by the Court of Justice on October 6, 2015 in Maximillian Schrems v Commissioner (C-362/14).  The U.S. Department of Commerce (“DoC”) began accepting Privacy Shield registrations from U.S. companies on August 1, 2016, and the first successful registrants were entered onto DoC’s Privacy Shield List in mid-August.

Privacy-watchers will recall Digital Rights Ireland’s earlier, successful challenge to the EU’s Data Retention Directive (Directive 2006/24/EC), which sought to harmonize national law conditions on the required retention, by telcos and other public electronic communications providers, of traffic and location data generated by them in order to ensure the data’s availability to public authorities for purposes of preventing, investigating, and prosecuting “serious crime” (including terrorism).

It will be some time, likely a year or even longer, before the General Court rules on Digital Rights Ireland’s Privacy Shield challenge, and the court’s judgment will be subject to appeal on points of law before the Court of Justice, the highest court in the EU legal order.  The case is of interest to all companies that transfer personal data from the EU to the United States, and, in particular, to U.S. companies that have registered under the Privacy Shield or are contemplating registration.

Filed Under: Data Protection, International, Privacy, Privacy Shield Tagged With: EU Data Protection, EU Privacy, European Union (EU)

This blog is a service of Alston & Bird’s Privacy, Cyber & Data Strategy team and focuses on key data privacy and data security issues.

