EU-U.S. Privacy Shield Invalidated: Does Your Company Have a Plan B?

July 17, 2020 Alerts and Newsletters

On Thursday, July 16, 2020, the Court of Justice of the European Union (“CJEU”) invalidated the EU-U.S. Privacy Shield (“Privacy Shield”) in Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems (Case C-311/18). The CJEU’s ruling voiced concern that the Privacy Shield does not adequately protect EU data subjects’ personal data from U.S. surveillance in the same way their data is protected in the EU by the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”).

Although the Privacy Shield was invalidated, the CJEU upheld the validity of the standard contractual clauses (“SCCs”). However, the CJEU stated that the relevant supervisory authority must suspend or prohibit a transfer of personal data to a third country if it determines that the SCCs are not or cannot be complied with in that country and that the protection of the personal data transferred required by the GDPR cannot be ensured by other means (assuming, that is, that the data exporter has not already suspended or put an end to the transfer).

This judgment presents new challenges for U.S. companies that are certified under the Privacy Shield and have been using the Privacy Shield as the legal basis for transferring personal data from the EU into the U.S. The U.S. Department of State issued a statement today indicating that it is reviewing this outcome and the “consequences and implications for more than 5,300 European and U.S. companies, representing millions of transatlantic jobs and over $7.1 trillion in commercial transactions.” The Department acknowledged that uninterrupted data flows are essential to economic growth and innovation, particularly now as both the U.S. and EU economies recover from the effects of the COVID-19 pandemic, and stated that it will continue to work closely with the EU to find a mechanism to enable the essential unimpeded commercial transfer of data from the EU to the U.S.

Our team at Verrill is advising these U.S. companies, and others that are impacted in a less direct manner, on how to address this most recent change under EU data protection laws. For questions on this new decision or for assistance in dealing with the invalidation of the Privacy Shield, please contact your regular Verrill attorney.

Firm Highlights

Matter

Conflicts of Interest

Reviewed medical center's systems, policies and procedures for identifying, assessing, and managing investigator and institutional conflicts of interest.

Publication/Podcast

Hospital Price Transparency Rule: Full Steam Ahead

Neither COVID-19 nor continued legal challenges appear likely to derail the Centers for Medicare & Medicaid Services ( CMS) Hospital Price Transparency Rule from going into effect on January 1, 2021. Hospitals therefore should...

Matter

European Union GDPR—Institution

Counseled a preeminent health system and academic medical center on its compliance with the European Union General Data Protection Regulation (GDPR) in relation to its clinical and research activities, including its international research studies...

News

Nearly 80 Verrill Attorneys Recognized by Best Lawyers® 2021, Including a Dozen Named Lawyers of the Year

(August 24, 2020) – Nearly 80 Verrill attorneys were recognized as "Best Lawyers" by Best Lawyers® 2021 , including 12 attorneys named “Lawyer of the Year,” a distinguished recognition for only a single lawyer...

Matter

Common Rule

Guided multiple clients through the implementation of the revised HHS regulations (the "Common Rule"), including reviewing and revising policies and procedures, and assisting with institutional approaches to implementation.

News

Michael K. Fee to Lead Verrill’s Nationally-Recognized Health Care and Life Sciences Practice Amidst Recent Changes

(August 31, 2020) – Verrill is pleased to announce Michael K. Fee as the new leader of Verrill’s nationally-recognized Health Care & Life Sciences Group. The Group has a long history of representing a...

Publication/Podcast

FDA Issues Guidance on IRB Review of Non-Emergency Individual Patient Expanded Access Requests for Investigational Drugs and Biological Products to Treat COVID-19

Prompted by a substantial increase in requests for individual patient access to investigational drugs and biologics to treat COVID-19, the U.S. Food & Drug Administration (“FDA”) issued guidance on June 2, 2020 that outlines...

Matter

Multi-Site Global Research

Developed and negotiated site and coordinating center agreements in connection with a multi-site, international, National Institutes of Health (NIH)-funded study, and advised on regulatory issues related to the conduct of the study and subsequent...

Publication/Podcast

News Flash: HHS Issues Statement Removing Premarket Review Requirements for Laboratory Developed Tests (“LDTs”), Including COVID-19 LDTs

What happened? On August 19, 2020, the U.S. Department of Health and Human Services (“HHS”) issued a single paragraph statement rescinding U.S. Food and Drug Administration (“FDA”) guidance documents concerning premarket review of Laboratory...

Publication/Podcast

“If I've told you once, I've told you eight times…” HHS OIG Issues Another Audit Report on Hospitals’ Failure to Report Credits for Explanted Cardiac Devices and Lays the Groundwork Collection of Overpayments

Contact Verrill at (855) 307 0700