In the Privacy Shield storm -practical advice


I am and still attending a great session hosted by the IAPP on the Schrems II decision and Privacy Shield consequence, i.e. it is no longer a legal mechanism for data transfer from the EU to the US.

Miriam Wegmeister was a great panelist and gave some great insights, very practical and cool lady!

Practical steps as follows:

  • There were some revised SCCs drafted even before this decision which can be used.
  • Look at other mechanisms, e.g. transfers subject to appropriate safeguards (Article 46). What jumps out at me are (e) Code of Conduct, and (f) Certification.
  • Art 49 normally only to be used in exceptional circumstances, maybe the Commission can relax on this. Art 49 is derogations for international transfers, my favourite (not) legal subject. It makes sense, as it is similar to Art 6, with some variations.

The decision is that Privacy Shield is not legal anymore, stop, no grace period, however looking at the UK Information Commissioner website and voila, they are recommending to “continue using Privacy Shield until new guidance becomes available” but do not start using Privacy Shield.

2 thoughts on “In the Privacy Shield storm -practical advice

  1. Although grace period was not officially declared, I don’t think that tomorrow DPAs will immediately start their enforcement in relation to those who duly implemented Privacy Shield mechanisms and principles 🙂

    Liked by 1 person

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.