After the first annual joint review of the EU-US Privacy Shield, and a stone's throw away from the entry into application of GDPR, Constantin commented on WP29’s opinion on this first annual joint review, in particular the improvements made by this new framework compared with the former Safe Harbor agreement, and the remaining areas of concern.
The talk highlighted the inconsistencies between the Privacy Shield principles and GDPR, and the requirement for Privacy Shield self-certified US organizations that fall within GDPR’s extra-territorial reach to also comply with GDPR. This analysis had particular resonance, as the scandal of Cambridge Analytica’s unauthorized use of Facebook subscribers’ data had just been revealed.
As a reminder, the EU-US Privacy Shield was designed by the United States and European Union authorities to replace Safe Harbor as a means of complying with data protection requirements when transferring personal data from the European Union and Switzerland to the United States.
For a more detailed analysis of this topic, please refer to Constantin’s article here.