Privacy and data security continue to make headlines and this time the waves are coming from the European Court of Justice (i.e., the highest court of the European Union). Without comprehensive U.S. federal privacy legislation, it is of little to no surprise (albeit disappointing) that the European Court of Justice (the “Court”) invalidated the EU-U.S. Privacy Shield Framework because it failed to impose appropriate safeguards with respect to the transfer of personal data located in Europe to the United States.
What is Privacy Shield and What Happened to Change it?
The EU-U.S. Privacy Shield Framework (“Privacy Shield”), as stated on the official government website, “was designed by the U.S. Department of Commerce and the European Commission…to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union…to the United States in support of transatlantic commerce.”