The European Court of Justice has ruled the well-established agreement relied on by thousands of companies to transfer personal data across the Atlantic – the Privacy Shield Agreement – is invalid. According to the ECJ, the agreement doesn’t sufficiently protect personal data transferred from the EU to the US from being accessed by authorities there. While the precise implications of the decision are still being calculated, they are likely to be far-reaching. This important decision effectively means that the United States is no longer able to import data from the EU because its data protection measures are not as robust as the standards set by GDPR.
GDPR means personal data of EU citizens can only be transferred internationally if stringent safeguards are met. The Privacy Shield enabled transferal of data to 5,000 certified agencies in the US that met higher levels of data security than required by domestic US law. (The Privacy Shield replaced the earlier Safe Harbor agreement). In practice of course the Privacy Shield meant high profile companies like Zoom could operate smoothly. But it also had advantages for small and medium-sized businesses because complying with it was relatively straightforward and cost-effective.
An Austrian data privacy activist, Maximillian Schrems objected to the way his personal data was being used by Facebook Ireland (the Facebook affiliate that processes the information of Facebook users outside the US). In particular he took issue with the transference of his data by Facebook Ireland to Facebook Inc., in the US where US agencies could have access to it in a way that was incompatible with GDPR. (To clarify: because Facebook Ireland, which gathered his data in the first place is located within the EU it is subject to the strict GDPR data protection regime).
The European Court was clear: the Privacy Shield Agreement doesn’t restrict US authorities from accessing data transferred from the EU “in a way that satisfies requirements that are essentially equivalent to those required under EU law”. It based the decision on a number of factors, including:
In the UK the ICO has reiterated the European Data Protection Board’s recommendation that from now on companies wishing to transfer data abroad – to the US or elsewhere – must carry out a risk assessment to establish whether the SCC provides enough protection within the local legal framework.
Remember – the decision that the Privacy Shield Agreement is invalid is of immediate effect. Businesses should now bear in mind the extra risk involved when transferring data to the US and take appropriate steps. For now, companies may need to rely on the existing backstop-type procedure of using EU standard contractual clauses (SCCs). These can ensure adequate data protection when transferring data to the US. Companies already need to use this mechanism where there is a flow of data fro the EU (or UK) to countries such as China or India. In its judgment on the Privacy Shield Agreement the ECJ confirmed that appropriately drafted SCCs remain an acceptable way to ensure adequate data security.
It’s important to note that relying in SCCs will not be possible in every case. It will be necessary to examine the regulatory regime in the country into which the data is being imported to ensure that the company there can in fact comply fully with the SCC when processing the data. If it can’t some other way to validly transfer the data must be found– for example by relying on the consent of the individual data subject.
UK businesses now face pressure on a range of fronts. The ICO has indicated that it will react pragmatically and proportionately to the ECJ decision to invalidate the Privacy Shield. At Nath Solicitors we can help with drafting SCCs and assist with any appropriate risk assessments to ensure any data you transfer is adequately secure. Please contact us on 44 (0) 203 670 5540 or use the covid19 emergency contact form to get in touch online.
"Shubha Nath is my go-to lawyer. She provided my department with commercial legal services for the best part of 10 years. She listens carefully to what the business requires, is clear in her explanation of complex legal agreements and frameworks and is incredibly fast at turning round documents. I was so impressed by her I've recommended her company Nath Solicitors to other businesses."Testimonial From Bernard McKeown
"Shubha, I'd just like to thank you for helping me to come to an amicable settlement with my former company co-directors so quickly and effectively. The advice and suggested approach certainly worked very well for me and I also felt a sense of safety and control being mentored through a very daunting process. You are brilliant at what you do and you helped me to cope with a very stressful situation. I would not hesitate to recommend you and Nath…Testimonial From Stephan Hepton
“I would like to thank and recommend Nath Solicitors and Shubha personally for all your professional advice and help. We have a variety of business interests from Medical and Dental to Analytics and Artificial Intelligence; I am extremely impressed how Shubha has been able to advise in all of these fields for a variety of unrelated projects. We have been particularly impressed with hard work, dedication, professional approach and personal touch. Dr Chetan.”Testimonial From Dr Chetan
I live in Saudi Arabia. Although thousands of kilometers separated us, I picked up the phone and talked to Shubha and I asked her to help me in what I believed was a fraud case. She answered gladly. She was smart, honest, and professional; she has been receiving my calls, letters and emails for more than one month did not seem to mind at what time I communicated with her and it was any time and she always responded quickly. Shubha…Dr Aldarwish ( International client)
We are pleased to note our satisfaction with the standard of service, offered to us by qualified and efficient team of Nath Solicitors. This is a Firm with high integrity and strong, traditional, values focusing on providing the utmost levels of customer satisfaction but don’t just take their word for it, take time to review their customer testimonials. Shubha Nath, who has been providing services to our company, has shown how passionate she is about her job and has delivered…MD of Security Company Dispute Resolution Testimonial
Client comment on company incorporation and advice on a shareholders agreement prepared by Shubha Nath. We felt well advised and Shubha protected our interests immaculately and we are truly very grateful to her for all her help in securing our interests. Director Food Company.Director of a Food Company
We would like to reassure clients that everything at Nath Solicitors is
business as usual.
During this COVID-19 outbreak, we would like to reassure you that we have well formulated business continuity plans in place to ensure matters are dealt with.
During these uncertain times we know that you may have concerns about your contract. At Nath Solicitors we are currently offering special fixed prices for a review and short initial consultation; if you need help contact us via our contact form or by email at email@example.com and we will be happy to assist you.