The Commission’s review finds the Privacy Shield to have several novel elements that address the requirements laid down by the European Court of Justice in the Schrems case. Namely, the Commission reports that “[The Privacy Shield] provides for more regular and rigorous monitoring by the Department of Commerce and significantly strengthens the possibilities for EU individuals to obtain redress.”
On October 18, 2017, the EU Commission released its report and accompanying working document on the first annual review of the EU-U.S. Privacy Shield framework. The report states that the Privacy Shield framework continues to ensure an adequate level of protection for personal data that is transferred from the EU to the U.S. It also indicates that U.S. authorities have put in place the necessary structures and procedures to ensure the proper functioning of the Privacy Shield, including by providing new redress possibilities for EU individuals and instituting appropriate safeguards regarding government access to personal data.
Challenge brought by Privacy International alleges MI5 and MI6 bulk data-sharing regimes and legal oversight system are illegal.
US government lawyers have said it is critically important its views are taken into account when the High Court finalises the questions to be decided by the EU Court of Justice about the way EU citizens’ data is transferred to other countries.
Google is facing a new lawsuit over allegations that it shared the names and other personally identifiable information of people who purchased apps with developers.
The first joint annual review of the Privacy Shield is underway and the European Commission is preparing its report to be issued later this month. Separately, the EU DPAs are also conducting an assessment on how the arrangement is working.
On October 3 rd , 2017, the Irish High Court issued a decision to refer questions on the adequacy of standard contractual clauses (SCC) to the Court of Justice of the European Union (CJEU). This decision (which is already being referred to as the “Schrems 2.0 case” named after its plaintiff, Maximilian Schrems) follows a similar case that was brought before the Irish High Court in 2014 which ultimately resulted in a decision of the CJEU invalidating the Safe Harbour agreement between the United States and Europe.
A European Union court case ostensibly to keep personal data private could backfire and cause great damage to the continent, say industry leaders and legal experts.
In a long-awaited decision on whether and how Europeans’ private data can be protected from the roving eyes of the NSA, the Irish Commercial High Court this morning declared that “standard contractual clauses” —the procedure that tech companies like Facebook use to try to satisfy European privacy laws—should be reviewed by the European Union’s top court, the Court of Justice (CJEU).