EU-U.S. Privacy Shield Invalidated: Does Your Company Have a Plan B?

July 17, 2020 Alerts and Newsletters

On Thursday, July 16, 2020, the Court of Justice of the European Union (“CJEU”) invalidated the EU-U.S. Privacy Shield (“Privacy Shield”) in Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems (Case C-311/18). The CJEU’s ruling voiced concern that the Privacy Shield does not adequately protect EU data subjects’ personal data from U.S. surveillance in the same way their data is protected in the EU by the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”).

Although the Privacy Shield was invalidated, the CJEU upheld the validity of the standard contractual clauses (“SCCs”). However, the CJEU stated that the relevant supervisory authority must suspend or prohibit a transfer of personal data to a third country if it determines that the SCCs are not or cannot be complied with in that country and that the protection of the personal data transferred required by the GDPR cannot be ensured by other means (assuming, that is, that the data exporter has not already suspended or put an end to the transfer).

This judgment presents new challenges for U.S. companies that are certified under the Privacy Shield and have been using the Privacy Shield as the legal basis for transferring personal data from the EU into the U.S. The U.S. Department of State issued a statement today indicating that it is reviewing this outcome and the “consequences and implications for more than 5,300 European and U.S. companies, representing millions of transatlantic jobs and over $7.1 trillion in commercial transactions.” The Department acknowledged that uninterrupted data flows are essential to economic growth and innovation, particularly now as both the U.S. and EU economies recover from the effects of the COVID-19 pandemic, and stated that it will continue to work closely with the EU to find a mechanism to enable the essential unimpeded commercial transfer of data from the EU to the U.S.

Our team at Verrill is advising these U.S. companies, and others that are impacted in a less direct manner, on how to address this most recent change under EU data protection laws. For questions on this new decision or for assistance in dealing with the invalidation of the Privacy Shield, please contact your regular Verrill attorney.

Firm Highlights

Publication/Podcast

The Regulatory Sprint is Over - What’s at the Finish Line Under the New Stark and AKS Final Rules?

The U.S. Department of Health and Human Services (HHS) completed its “Regulatory Sprint” by finalizing changes to regulations pertaining to two federal fraud and abuse laws. On December 2, 2020, the Centers for Medicare...

News

Verrill Ranked in American Bar Association’s Health Law Top 10 in the Northeast

(January 19, 2021) – Verrill was recently ranked third in the American Bar Association (ABA) Health Law Section's Eighth Annual Top 10 Recognition for the Northeast Region. This is the sixth consecutive year that...

Publication/Podcast

HHS Confirms Providers’ Right to 340B Discount Pricing for Contract Pharmacies

As a holiday gift to providers, the U.S. Department of Health and Human Services (HHS) General Counsel recently issued a strongly worded Advisory Opinion indicating that federal law requires drug manufacturers to deliver covered...

News

Michael K. Fee to Lead Verrill’s Nationally-Recognized Health Care and Life Sciences Practice Amidst Recent Changes

(August 31, 2020) – Verrill is pleased to announce Michael K. Fee as the new leader of Verrill’s nationally-recognized Health Care & Life Sciences Group. The Group has a long history of representing a...

Matter

European Union GDPR—Institution

Counseled a preeminent health system and academic medical center on its compliance with the European Union General Data Protection Regulation (GDPR) in relation to its clinical and research activities, including its international research studies...

Matter

Conflicts of Interest

Reviewed medical center's systems, policies and procedures for identifying, assessing, and managing investigator and institutional conflicts of interest.

News

Verrill Welcomes Health Care Attorney Alicia Siani

(February 2, 2021) – Verrill is pleased to welcome health care attorney Alicia Siani to the firm’s Boston, Massachusetts office. Siani represents clients in a wide range of regulatory issues, including HIPAA privacy matters...

Publication/Podcast

Massachusetts Health Care Bill Makes Several Significant Changes

While you were celebrating the New Year, Governor Baker signed Chapter 260 of the Acts of 2020, an “Act promoting a resilient health care system that puts patients first,” the result of the Legislature’s...

Publication/Podcast

340B Providers Get Partial Relief from New Dispute Resolution Regulation

1. 340B ADR Process Established At long last, more than ten years after Congress directed it to do so, HHS has finalized an alternative dispute resolution (“ADR”) process for both providers and pharmaceutical manufacturers...

Matter

Multi-Site Global Research

Developed and negotiated site and coordinating center agreements in connection with a multi-site, international, National Institutes of Health (NIH)-funded study, and advised on regulatory issues related to the conduct of the study and subsequent...

Contact Verrill at (855) 307 0700