Data Privacy Update — Privacy Shield Adopted!

As I have mentioned previously, I will continue to try to provide updates on the topic of data sovereignty and data privacy as new news develops.

And there has been some interesting news.

So, here’s my standard data sovereignty / privacy shield summary, to get everyone on the same page.

In October 2015, the European Court of Justice was asked to rule on the adequacy of the Safe Harbor privacy regulations, which were originally accepted by the European Commission in July 2000. After some legal review by various European courts, the European Court of Justice invalidated the Safe Harbor agreement, requiring the European Commission to revisit the regulations between the EU and the United States. In February 2016, the EU and the US had reached an agreement (called the Privacy Shield) to address the concerns that invalidated Safe Harbor.

On Friday, July 8th, representatives of the 28 EU member nations approved the final version of the Privacy Shield agreement, and can now be formally adopted by the European Commission this week.

This does not signal the end of the story, however. Already, privacy advocates in the EU have expressed their displeasure about the new agreement, and vowed to take the agreement to court. Specifically, the concerns revolve around how data is stored and used by social media and search companies.

Also, with the most recent news of the UK exiting the European Union, there is a fairly decent chance that the United States will have to negotiate a similar agreement with the UK once the “Brexit” is completed.

So, to summarize from my perspective: The new Privacy Shield agreement will be adopted, and US companies can start to figure out how to operate under this new agreement. That is, until the European Court of Justice overturns this agreement — much in the same way that it overturned the Safe Harbor agreements. The saga continues, and the end result is still way out.