EU-U.S. Privacy Shield Invalidated: Does Your Company Have a Plan B?

July 17, 2020 Alerts and Newsletters

On Thursday, July 16, 2020, the Court of Justice of the European Union (“CJEU”) invalidated the EU-U.S. Privacy Shield (“Privacy Shield”) in Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems (Case C-311/18). The CJEU’s ruling voiced concern that the Privacy Shield does not adequately protect EU data subjects’ personal data from U.S. surveillance in the same way their data is protected in the EU by the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”).

Although the Privacy Shield was invalidated, the CJEU upheld the validity of the standard contractual clauses (“SCCs”). However, the CJEU stated that the relevant supervisory authority must suspend or prohibit a transfer of personal data to a third country if it determines that the SCCs are not or cannot be complied with in that country and that the protection of the personal data transferred required by the GDPR cannot be ensured by other means (assuming, that is, that the data exporter has not already suspended or put an end to the transfer).

This judgment presents new challenges for U.S. companies that are certified under the Privacy Shield and have been using the Privacy Shield as the legal basis for transferring personal data from the EU into the U.S. The U.S. Department of State issued a statement today indicating that it is reviewing this outcome and the “consequences and implications for more than 5,300 European and U.S. companies, representing millions of transatlantic jobs and over $7.1 trillion in commercial transactions.” The Department acknowledged that uninterrupted data flows are essential to economic growth and innovation, particularly now as both the U.S. and EU economies recover from the effects of the COVID-19 pandemic, and stated that it will continue to work closely with the EU to find a mechanism to enable the essential unimpeded commercial transfer of data from the EU to the U.S.

Our team at Verrill is advising these U.S. companies, and others that are impacted in a less direct manner, on how to address this most recent change under EU data protection laws. For questions on this new decision or for assistance in dealing with the invalidation of the Privacy Shield, please contact your regular Verrill attorney.

Firm Highlights

Matter

Conflicts of Interest

Reviewed medical center's systems, policies and procedures for identifying, assessing, and managing investigator and institutional conflicts of interest.

Publication/Podcast

News Flash: HHS Issues Statement Removing Premarket Review Requirements for Laboratory Developed Tests (“LDTs”), Including COVID-19 LDTs

What happened? On August 19, 2020, the U.S. Department of Health and Human Services (“HHS”) issued a single paragraph statement rescinding U.S. Food and Drug Administration (“FDA”) guidance documents concerning premarket review of Laboratory...

Publication/Podcast

OHRP Issues Guidance on the Conduct of Research During COVID-19 Public Health Emergency

The U.S. Department of Health & Human Services Office for Human Research Protections (“OHRP”) issued guidance , dated April 8, 2020, on the application of Common Rule requirements to research being conducted during the...

News

38 Verrill Attorneys, Across Four Offices, Recognized in 2020 Chambers & Partners Guide

(April 27, 2020) – Verrill has been rated as a Leading Firm in a total of ten categories and subcategories as evaluated by London-based Chambers & Partners , one of the world's most respected...

Matter

Multi-Site Global Research

Developed and negotiated site and coordinating center agreements in connection with a multi-site, international, National Institutes of Health (NIH)-funded study, and advised on regulatory issues related to the conduct of the study and subsequent...

News

Michael K. Fee to Lead Verrill’s Nationally-Recognized Health Care and Life Sciences Practice Amidst Recent Changes

(August 31, 2020) – Verrill is pleased to announce Michael K. Fee as the new leader of Verrill’s nationally-recognized Health Care & Life Sciences Group. The Group has a long history of representing a...

Publication/Podcast

FDA Updates its Guidance on Conducting Clinical Trials During COVID-19 Public Health Emergency

On April 16, 2020, the U.S. Food & Drug Administration (“FDA”) again updated its guidance on the “Conduct of Clinical Trials of Medical Products during COVID-19 Public Health Emergency,” adding seven new questions and...

Publication/Podcast

FDA Issues Guidance on IRB Review of Non-Emergency Individual Patient Expanded Access Requests for Investigational Drugs and Biological Products to Treat COVID-19

Prompted by a substantial increase in requests for individual patient access to investigational drugs and biologics to treat COVID-19, the U.S. Food & Drug Administration (“FDA”) issued guidance on June 2, 2020 that outlines...

Matter

European Union GDPR—Institution

Counseled a preeminent health system and academic medical center on its compliance with the European Union General Data Protection Regulation (GDPR) in relation to its clinical and research activities, including its international research studies...

News

Nearly 80 Verrill Attorneys Recognized by Best Lawyers® 2021, Including a Dozen Named Lawyers of the Year

(August 24, 2020) – Nearly 80 Verrill attorneys were recognized as "Best Lawyers" by Best Lawyers® 2021 , including 12 attorneys named “Lawyer of the Year,” a distinguished recognition for only a single lawyer...