EU-U.S. Privacy Shield Invalidated: Does Your Company Have a Plan B?

July 17, 2020 Alerts and Newsletters

On Thursday, July 16, 2020, the Court of Justice of the European Union (“CJEU”) invalidated the EU-U.S. Privacy Shield (“Privacy Shield”) in Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems (Case C-311/18). The CJEU’s ruling voiced concern that the Privacy Shield does not adequately protect EU data subjects’ personal data from U.S. surveillance in the same way their data is protected in the EU by the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”).

Although the Privacy Shield was invalidated, the CJEU upheld the validity of the standard contractual clauses (“SCCs”). However, the CJEU stated that the relevant supervisory authority must suspend or prohibit a transfer of personal data to a third country if it determines that the SCCs are not or cannot be complied with in that country and that the protection of the personal data transferred required by the GDPR cannot be ensured by other means (assuming, that is, that the data exporter has not already suspended or put an end to the transfer).

This judgment presents new challenges for U.S. companies that are certified under the Privacy Shield and have been using the Privacy Shield as the legal basis for transferring personal data from the EU into the U.S. The U.S. Department of State issued a statement today indicating that it is reviewing this outcome and the “consequences and implications for more than 5,300 European and U.S. companies, representing millions of transatlantic jobs and over $7.1 trillion in commercial transactions.” The Department acknowledged that uninterrupted data flows are essential to economic growth and innovation, particularly now as both the U.S. and EU economies recover from the effects of the COVID-19 pandemic, and stated that it will continue to work closely with the EU to find a mechanism to enable the essential unimpeded commercial transfer of data from the EU to the U.S.

Our team at Verrill is advising these U.S. companies, and others that are impacted in a less direct manner, on how to address this most recent change under EU data protection laws. For questions on this new decision or for assistance in dealing with the invalidation of the Privacy Shield, please contact your regular Verrill attorney.

Firm Highlights

Publication/Podcast

Hospital Price Transparency Rule: Full Steam Ahead

Neither COVID-19 nor continued legal challenges appear likely to derail the Centers for Medicare & Medicaid Services ( CMS) Hospital Price Transparency Rule from going into effect on January 1, 2021. Hospitals therefore should...

Publication/Podcast

HHS Confirms Providers’ Right to 340B Discount Pricing for Contract Pharmacies

As a holiday gift to providers, the U.S. Department of Health and Human Services (HHS) General Counsel recently issued a strongly worded Advisory Opinion indicating that federal law requires drug manufacturers to deliver covered...

Publication/Podcast

Massachusetts Health Care Bill Makes Several Significant Changes

While you were celebrating the New Year, Governor Baker signed Chapter 260 of the Acts of 2020, an “Act promoting a resilient health care system that puts patients first,” the result of the Legislature’s...

Publication/Podcast

The Regulatory Sprint is Over - What’s at the Finish Line Under the New Stark and AKS Final Rules?

The U.S. Department of Health and Human Services (HHS) completed its “Regulatory Sprint” by finalizing changes to regulations pertaining to two federal fraud and abuse laws. On December 2, 2020, the Centers for Medicare...

Publication/Podcast

340B Providers Get Partial Relief from New Dispute Resolution Regulation

1. 340B ADR Process Established At long last, more than ten years after Congress directed it to do so, HHS has finalized an alternative dispute resolution (“ADR”) process for both providers and pharmaceutical manufacturers...

News

Verrill Welcomes Jeffrey A. Smagula, Experienced Health Care and Life Sciences Attorney, Former Health Plan Compliance Executive

(May 12, 2021) – Verrill is pleased to welcome Jeffrey A. Smagula to the firm’s Boston office as Counsel in its nationally recognized Health Care & Life Sciences Group. Jeff Smagula brings to Verrill...

Publication/Podcast

News Flash: HHS Issues Statement Removing Premarket Review Requirements for Laboratory Developed Tests (“LDTs”), Including COVID-19 LDTs

What happened? On August 19, 2020, the U.S. Department of Health and Human Services (“HHS”) issued a single paragraph statement rescinding U.S. Food and Drug Administration (“FDA”) guidance documents concerning premarket review of Laboratory...

Publication/Podcast

Fraud and Abuse Investigations Handbook for the Health Care Industry, Second Edition.

Health care attorney Paul Shaw co-authored Fraud and Abuse Investigations Handbook for the Health Care Industry, Second Edition with Robert Griffith, published by the American Health Law Association (AHLA). Paul and Robert provide legal...

Publication/Podcast

“If I've told you once, I've told you eight times…” HHS OIG Issues Another Audit Report on Hospitals’ Failure to Report Credits for Explanted Cardiac Devices and Lays the Groundwork Collection of Overpayments

Contact Verrill at (855) 307 0700