Blog: VLP Speaks

Add to Portfolio

The EU-US Privacy Shield

Posted on Feb 9, 2016 in Privacy, Blog by Michael L. Whitener

Michael Whitener, partner with VLP Law Group, was recently quoted in the IAPP article, “How Sturdy is the Privacy Shield?” The article examines the new EU-US Privacy Shield introduced post-Safe Harbor.

Since the Safe Harbor Framework was struck down in October 2015, companies at home and abroad have been waiting for clear guidance from U.S. and EU regulators on how to deal with personal data transfers from the EU to the U.S. Enter the EU-US Privacy Shield, a new framework for transatlantic data flows. The new Privacy Shield was announced this week and was released without any formal text, leaving the implications a bit vague.

The Privacy Shield has been proposed to comply with the requirements of the Court of European Justice and is expected to provide mechanisms for greater oversight and enforcement by European data protection authorities as well as the U.S. Department of Commerce and the Federal Trade Commission. The Privacy Shield also will impose stricter obligations on U.S. companies to protect EU citizens’ personal data.

Until the full proposed text of the Privacy Shield is drafted and vetted, many questions remain.

Michael Whitener with VLP Law Group wondered whether those interested in using the Privacy Shield as a transfer mechanism will be allowed to “self-certify” as was permitted under the previous Safe Harbor Framework, to the ire of the European Commission.

“The EU Commission’s announcement indicates that U.S. companies ‘will need to commit to robust obligations on how personal data is processed and individual rights are guaranteed.’ But isn’t that exactly what they committed to under the previous Safe Harbor principles?” Whitener asked.

To read the full IAPP article quoting Mr. Whitener, Click Here.

Michael Whitener is a partner at VLP Law Group. His legal practice focuses on two areas: (1) technology transactions, including software licensing and alliances, cloud computing, web hosting and outsourcing agreements; and (2) corporate compliance, particularly regarding data privacy and anti-corruption laws.

The VLP Speaks blog is made available for educational purposes only, to give you general information and a general understanding of the law, not to provide specific legal advice. By using this blog site, you understand and acknowledge that no attorney-client relationship is formed between you and VLP Law Group LLP, nor should any such relationship be implied. This blog should not be used as a substitute for competent legal advice from a licensed professional attorney in your state.