• Home
  • |
  • Log In
  • |
  • Contact
  • |
  • 0
Sovy
  • Products
    • Sovy GDPR Privacy Essentials℠
    • Sovy Academy℠
    • Sovy Advisory Services
    • Sovy Store
    • Free GDPR Scan
    • Free GDPR Readiness Survey
  • Resources
    • Free GDPR Scan
    • Free GDPR Readiness Survey
    • Knowledge Portal
    • Blog
  • Pricing
  • About Sovy
    • Mission
    • Team
    • Investor Relations
    • Partnerships
    • Contact Us
  • Products
    • Sovy GDPR Privacy Essentials℠
    • Sovy Academy℠
    • Sovy Advisory Services
    • Sovy Store
    • Free GDPR Scan
    • Free GDPR Readiness Survey
  • Resources
    • Free GDPR Scan
    • Free GDPR Readiness Survey
    • Knowledge Portal
    • Blog
  • Pricing
  • About Sovy
    • Mission
    • Team
    • Investor Relations
    • Partnerships
    • Contact Us

Sovy News & Blog

July 9, 2018

EU LIBE Issues with Privacy Shield – What SMEs Need To Know

Parliament Civil Liberties Committee (LIBE) voted 29-25 to suspend the EU-US Privacy Shield if it does not fix gaps in compliance by September 1. In making its Resolution, which is non-binding but puts pressure on the Commission to act accordingly, the LIBE Committee highlighted a few of the most prevailing issues:

  • US extension of surveillance measures (FISA Section 702) that allow the government to conduct mass warrantless surveillance over non-US citizens (and arguably over US citizens too). This clause was part of the reason the Court of Justice of the European Union (CJEU) invalidated Safe Harbour in 2015, and the US recently extended it for another 6 years.
  • US recent adoption of the Clarifying Lawful Overseas Use of Data Act (CLOUD Act) that grants US and foreign police access to personal data across borders.
  • Skepticism over Privacy Shield’s effectiveness in light of the Facebook-Cambridge Analytica scandal, Facebook’s admission of additional personal data transfers to other companies and other companies’ questionable personal data handling practices. Both Facebook and a subsidiary of Cambridge Analytica were registered members of Privacy Shield.

Potential Impact on SMEs

According to a joint survey conducted in 2017 by the IAPP and EY, 67 percent of surveyed SMEs said they planned to use Privacy Shield by 2018. Indeed, Privacy Shield holds many advantages to SMEs relative to other data transfer mechanisms such as Binding Corporate Rules (typically for larger enterprises) and Model Contract Clauses (which typically necessitate stronger legal background than many small businesses have or can afford).

If Privacy Shield is invalidated in the coming months, businesses will have to turn to other binding legal safeguards. The EU’s GDPR outlines some of these alternatives in Article 46(2). These alternatives generally focus on adopting enforceable contractual commitments and clauses that the EU Supervisory Authority approves or drafts.  But presently, none of these clauses or standards have been written nor disclosed by Supervisory Authority.  Businesses will need the Supervisory Authority’s guidance on procedures for implementation.

A final decision to invalidate Privacy Shield means that the EU Commission and its national Data Protection Authorities will have a great deal of work to do. They will need to issue guidance for businesses to implement feasible alternatives.

Should SMEs Be Concerned?

Yes, but it may be too early to adjust course or begin to change operational practices.

Two important notes regarding potential impact of this vote:

  • It is not the full parliament, just the LIBE Committee. The Parliament will hold a full vote later this month.
  • Only the Commission or the CJEU have the power to suspend Privacy Shield. The Commission is scheduled to hold its second annual review of Privacy Shield in October 2018, and the CJEU will hold a ruling on a new Schrems-Facebook case later this year which may very well negatively impact Privacy Shield.

Make sure your business is prepared for any eventuality. Ghttp://curia.europa.eu/juris/fiche.jsf?id=C%3B311%3B18%3BRP%3B1%3BP%3B1%3BC2018%2F0311%2FP&pro=&lgrec=en&nat=or&oqp=&dates=&lg=&language=en&jur=C%2CT%2CF&cit=none%252CC%252CCJ%252CR%252C2008E%252C%252C%252C%252C%252C%252C%252C%252C%252C%252Ctrue%252Cfalse%252Cfalse&td=%3BALL&pcs=Oor&avg=&mat=or&parties=Facebook&jge=&for=&cid=508221et compliant and stay compliant with Sovy’s GDPR Privacy EssentialsSM.

EU Facebook GDPR LIBE privacy shield US
Previous Story9 GDPR Myths Debunked
Next StoryGDPR News Bytes – 26th September 2018

SEARCH

CATEGORIES

  • CCPA (1)
  • Charities (1)
  • Events (1)
  • GDPR (20)
  • New Bytes (3)
  • News & Blog (17)
  • Workplace Conduct (1)

TAG CLOUD

Brexit Business CCPA Charities CNIL cybersecurity data privacy data protection DPC EU Facebook fines GDPR Google ICO LGDP LIBE mark zuckerberg marriott Microsoft PIPEDA privacy shield US

ARCHIVES

  • December 2019 (2)
  • November 2019 (1)
  • July 2019 (3)
  • May 2019 (3)
  • March 2019 (2)
  • January 2019 (3)
  • December 2018 (5)
  • November 2018 (2)
  • September 2018 (1)
  • July 2018 (1)
  • June 2018 (2)

LATEST POSTS

  • business-2846221_1920
    Data Privacy News Bytes 12th December
  • cell-phone-1245663_1920 (1)
    Data Privacy News Bytes 5th December 2019
  • microsoft building
    Data Privacy News Bytes Nov 28th
  • Brexit
    What Brexit Means for GDPR Compliance in the UK
  • Marriott Hotels
    Marriott Faces over £99m GDPR Fine

QUICK LINKS

  • About Us
  • Resources
  • Privacy Policy
  • Terms
  • Manage Consent
  • Contact Us

Sovy GDPR Privacy Essentials

  • Subscription Benefits
  • Pricing
  • Log in
  • GDPR for Small Businesses
  • GDPR for Enterprises
  • GDPR for Charities

SOVY LOCATIONS

Ireland HQ

Registered Office
The Black Church
St. Mary’s Place
Dublin 7

Trading Office
Unit 112, Ashbourne Trading Estate
Ashbourne
Co. Meath
A84VN32
Ph: +353 (0)1 669-4774

Brussels

Rond-Point Schuman 11
1040 Brussels
Belgium

London

Registered Office
Kemp House
152-160 City Road
London EC1V 2N

Trading Office
Atlantic House
351 Oxford Street
London W1C 2JF

New York

NY Metropolitan Area
2037 Lemoine Ave
Suite 452,
Fort Lee, N.J. 07024, USA

ASSOCIATIONS

Copyright © 2019 Sovy Trust Solutions Limited. All Rights Reserved. Registered in Ireland, No. 610835 and No. 605069

We use cookies to enhance your experience on our website. If you continue without changing the cookie settings, you consent to their use. Adjust cookie settings by clicking Manage Cookies.  
Accept
Manage Cookies

Cookie Consent Settings

  • About Cookies
  • Strictly Necessary Cookies
  • Performance Cookies
  • Functional Cookies
  • Advertising Cookies
  • Individual Rights
  • Privacy Policy
About Cookies
Why we use cookies?

To make this site work properly, sometimes we place small data files called cookies on your device. This is a common practice for websites.

What are cookies?

A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another.

How do we use cookies?

There are 4 types of cookies that we use: Strictly Necessary, Performance, Functional and Advertising.

Please remember that if you delete your cookies, or use a different browser or device you will need to reset your cookie consent settings.

Strictly Necessary Cookies Always Active

These cookies are essential to use this website and its features, such as accessing secure areas of the website or using a shopping basket. They are not used for tracking or advertising purposes. We do not share this data. We use the strictly necessary cookies listed below:

  • HubSpot
  • SOVY Cookie Consent
  • Stripe Payment
  • Woocommerce
  • Wordpress
Performance Cookies Active

These cookies collect information about how you use a website, such as which pages you visit most often or if you see error messages. These cookies do not collect information that identifies you. Information collected is aggregated and anonymized to improve how this website works. We use the performance cookies listed below:

  • Clicky Analytics
  • Google Analytics
  • HubSpot
Functional Cookies Active

These cookies allow this website to remember choices you make, such as your user name, language or your geographical region and provide personalized features. Also, they are used to remember your progress in important features of the website, such as your progress in a video so you can return to the same spot, and features such as changes you made to text size, fonts and other customizations. We use the functitonal cookies listed below:

  • Wistia
Targeting Cookies Inactive

These cookies are used to deliver advertisments more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaigns. They remember that you have visited a website and this information is shared with other organisations such as advertisers. We use the advertising cookies listed below:

  • AddThis
  • Facebook Pixel
  • Linkedin Ads Pixel
Individual Rights

The General Data Protection Regulation (GDPR) specifies rights for European Union data subjects. We are extending these to all our website users. You have a right to:

Be Informed
  • Receive information about your personal data that we collect, store or process in a clear, simple, and transparent manner
  • Receive privacy information at the time we collect your personal data
  • Receive information about our purpose for collecting and using your personal data, how long the personal data is retained and whom it may be shared with, if anyone.
  • Read More
    Access
  • Access your personal data as well as other supplementary information. This is commonly referred to as subject access
  • Make a subject access request verbally or in writing
  • Take Action | Read More
    Rectification
  • Request your inaccurate personal data to be corrected or completed
  • Take Action | Read More
    Erasure (to be forgotten)
  • Request to have your personal data erased. This right is not absolute and only applies in certain circumstances.
  • Take Action | Read More
    Restrict processing
  • Request the restriction or suppression of your personal data under certain circumstances. This right is not absolute and only applies in certain circumstances.
  • Take Action | Read More
    Data Portability
  • Request to obtain and reuse your personal data
  • Request to move, copy or transfer your personal data
  • This right only appies to your personal data provided to a data controller.
  • Take Action | Read More
    Object
  • Request that we stop processing your personal data in certain cirumstances such as direct marketing or profiling purposes.
  • Request, In certain circumstances, to object to processing of your personal data for:
    • a task carried out in the public interest;
    • the exercise of official authority vested in us; or
    • our legitimate interests (or those of a third party).
  • Take Action | Read More
    Take Action
    Request Type:
    Name*
    Email*
    Country
    Request Details