EU-U.S. Privacy Shield Invalidated: Does Your Company Have a Plan B?

July 17, 2020 Alerts and Newsletters

On Thursday, July 16, 2020, the Court of Justice of the European Union (“CJEU”) invalidated the EU-U.S. Privacy Shield (“Privacy Shield”) in Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems (Case C-311/18). The CJEU’s ruling voiced concern that the Privacy Shield does not adequately protect EU data subjects’ personal data from U.S. surveillance in the same way their data is protected in the EU by the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”).

Although the Privacy Shield was invalidated, the CJEU upheld the validity of the standard contractual clauses (“SCCs”). However, the CJEU stated that the relevant supervisory authority must suspend or prohibit a transfer of personal data to a third country if it determines that the SCCs are not or cannot be complied with in that country and that the protection of the personal data transferred required by the GDPR cannot be ensured by other means (assuming, that is, that the data exporter has not already suspended or put an end to the transfer).

This judgment presents new challenges for U.S. companies that are certified under the Privacy Shield and have been using the Privacy Shield as the legal basis for transferring personal data from the EU into the U.S. The U.S. Department of State issued a statement today indicating that it is reviewing this outcome and the “consequences and implications for more than 5,300 European and U.S. companies, representing millions of transatlantic jobs and over $7.1 trillion in commercial transactions.” The Department acknowledged that uninterrupted data flows are essential to economic growth and innovation, particularly now as both the U.S. and EU economies recover from the effects of the COVID-19 pandemic, and stated that it will continue to work closely with the EU to find a mechanism to enable the essential unimpeded commercial transfer of data from the EU to the U.S.

Our team at Verrill is advising these U.S. companies, and others that are impacted in a less direct manner, on how to address this most recent change under EU data protection laws. For questions on this new decision or for assistance in dealing with the invalidation of the Privacy Shield, please contact your regular Verrill attorney.
