“Privacy Shield” is Proposed to Replace Invalidated U.S. – EU Safe Harbor Agreement and Keep Data from Europe FlowingOn February 11, 2016 by Schnader
The Safe Harbor agreement between the European Union and the United States permitted American businesses to import personal data of EU citizens based on self-certification of compliance with EU data protection laws. Safe Harbor was widely criticized in Europe as being too easily circumvented, too infrequently enforced and offering too little protection to the personal data of EU citizens.
Edward Snowden’s 2013 claims that the U.S. National Security Agency was collecting vast quantities of personal data of foreign nationals provided to it by Internet companies dramatically escalated EU criticisms of Safe Harbor. Snowden’s revelations led European data processing authorities (“DPAs”) and EU representatives to insist on negotiations to strengthen Safe Harbor if termination of that agreement by the EU was to be avoided. While those negotiations slowly proceeded, the EU Court of Justice (“EUCJ”) heard a claim by an Austrian activist, Max Schrems, alleging that Facebook – a Safe Harbor participant – violated the privacy rights of EU citizens by giving their personal data to the NSA. On October 6, 2015 the EUCJ concluded in its Schrems decision that the Safe Harbor agreement failed to protect Europeans from unlimited and indiscriminate collection, storage and review of their private information, and thus was invalid.
Please click here to read the full Alert.