Privacy Shield News and Events

Privacy Shield-Related News 

  • March 25, 2021: U.S. Secretary of Commerce Gina Raimondo and European Commissioner for Justice Didier Reynders issued a joint statement noting in part that “The U.S. Government and the European Commission have decided to intensify negotiations on an enhanced EU-U.S. Privacy Shield framework to comply with the July 16, 2020 judgment of the Court of Justice of the European Union in the Schrems II case. These negotiations underscore our shared commitment to privacy, data protection, and the rule of law and our mutual recognition of the importance of transatlantic data flows to our respective citizens, economies, and societies.” The Privacy Shield and transatlantic data flows are a top priority for the Biden Administration.
  • January 25, 2021: On November 11, 2020, the European Data Protection Board (EDPB) released for public consultation its draft recommendations on measures that supplement transfer tools to ensure compliance with EU standards on protection of personal data. On November 12, 2020, the European Commission released for public consultation its proposed Decision on Standard Contractual Clauses (SCCs). During the public consultation periods, the U.S. government submitted comments to the European Commission and the EDPB that outline our feedback and suggestions on the drafts. Both sets of comments are now available on this site (see Comments on Proposed SCC Decisions, Comments on Proposed EDPB Recommendations 01/2020). Some of these comments build upon the White Paper the U.S. government released in September 2020, also available on this site, which set forth information about the robust limits and safeguards in the United States pertaining to government access to data to help organizations assess whether their transfers offer appropriate data protection in accordance with EU law. The European Commission has also published all of the comments it received to its proposed Decision on SCCs, including those from the U.S. government, which can be found here. The comments received by the EDPB on its draft recommendations on measures that supplement transfer tools to ensure compliance with EU standards on protection of personal data are available here
  • September 28, 2020: The U.S. Government released a white paper to assist organizations in assessing whether their EU-U.S. data transfers offer appropriate protection in accordance with the ECJ’s Schrems II ruling.
  • September 8, 2020: The Federal Data Protection and Information Commissioner (FDPIC) of Switzerland issued an opinion concluding that the Swiss-U.S. Privacy Shield Framework does not provide an adequate level of protection for data transfers from Switzerland to the United States pursuant to Switzerland’s Federal Act on Data Protection (FADP). As a result of that opinion, organizations wishing to rely on the Swiss-U.S. Privacy Shield to transfer personal data from Switzerland to the United States should seek guidance from the FDPIC or legal counsel. That opinion does not relieve participants in the Swiss-U.S. Privacy Shield of their obligations under the Swiss-U.S. Privacy Shield Framework. As we work to resolve the situation, the U.S. Department of Commerce will continue to administer the Privacy Shield program, including processing submissions for self-certification and re-certification to the Privacy Shield Frameworks and maintaining the Privacy Shield List. If you have questions, please contact the FDPIC or legal counsel.
  • August 10, 2020: Joint Press Statement from Former U.S. Secretary of Commerce Wilbur Ross and European Commissioner for Justice Didier Reynders
  • August 5, 2020: Former Federal Trade Commission (FTC) Chairman Joseph Simons noted with reference to the July 16, 2020 decision by the CJEU that “We stand ready to support the administration’s efforts in this area, but at the same time we will continue to hold companies accountable for their privacy commitments, including promises made under the Privacy Shield.”
  • July 16, 2020Former U.S. Secretary of Commerce Wilbur Ross Statement on Schrems II Ruling and the Importance of EU-U.S. Data Flows
  • July 16, 2020: The Court of Justice of the European Union (CJEU) issued a judgment declaring as “invalid” the European Commission’s Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-U.S. Privacy Shield. As a result of that decision, the EU-U.S. Privacy Shield Framework is no longer a valid mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States. That decision does not relieve participants in the EU-U.S. Privacy Shield of their obligations under the EU-U.S. Privacy Shield Framework. As we work to resolve the situation, the U.S. Department of Commerce will continue to administer the Privacy Shield program, including processing submissions for self-certification and re-certification to the Privacy Shield Frameworks and maintaining the Privacy Shield List. If you have questions, please contact the European Commission, the appropriate European national data protection authority or legal counsel.
  • Information on Federal Trade Commission (FTC) enforcement actions related to the Privacy Shield Frameworks can be found here.