Sovy recognised by KuppingerCole Independent Analysts More Info
  • Home
  • |
  • Log In
  • |
  • Contact
  • |
  • 0
Sovy
  • Products
    • Sovy GDPR Privacy Essentials℠
    • Sovy Academy℠
    • Sovy Advisory Services
    • All Products
    • Free GDPR Scan
    • Free GDPR Readiness Survey
  • Resources
    • Free GDPR Scan
    • Free GDPR Readiness Survey
    • Knowledge Portal
    • Data Privacy News
  • Pricing
  • About Sovy
    • Mission
    • Team
    • Investor Relations
    • Partnerships
    • Contact Us
  • Products
    • Sovy GDPR Privacy Essentials℠
    • Sovy Academy℠
    • Sovy Advisory Services
    • All Products
    • Free GDPR Scan
    • Free GDPR Readiness Survey
  • Resources
    • Free GDPR Scan
    • Free GDPR Readiness Survey
    • Knowledge Portal
    • Data Privacy News
  • Pricing
  • About Sovy
    • Mission
    • Team
    • Investor Relations
    • Partnerships
    • Contact Us

Data Privacy News

July 9, 2018

EU LIBE Issues with Privacy Shield – What SMEs Need To Know

Parliament Civil Liberties Committee (LIBE) voted 29-25 to suspend the EU-US Privacy Shield if it does not fix gaps in compliance by September 1. In making its Resolution, which is non-binding but puts pressure on the Commission to act accordingly, the LIBE Committee highlighted a few of the most prevailing issues:

  • US extension of surveillance measures (FISA Section 702) that allow the government to conduct mass warrantless surveillance over non-US citizens (and arguably over US citizens too). This clause was part of the reason the Court of Justice of the European Union (CJEU) invalidated Safe Harbour in 2015, and the US recently extended it for another 6 years.
  • US recent adoption of the Clarifying Lawful Overseas Use of Data Act (CLOUD Act) that grants US and foreign police access to personal data across borders.
  • Skepticism over Privacy Shield’s effectiveness in light of the Facebook-Cambridge Analytica scandal, Facebook’s admission of additional personal data transfers to other companies and other companies’ questionable personal data handling practices. Both Facebook and a subsidiary of Cambridge Analytica were registered members of Privacy Shield.

Potential Impact on SMEs

According to a joint survey conducted in 2017 by the IAPP and EY, 67 percent of surveyed SMEs said they planned to use Privacy Shield by 2018. Indeed, Privacy Shield holds many advantages to SMEs relative to other data transfer mechanisms such as Binding Corporate Rules (typically for larger enterprises) and Model Contract Clauses (which typically necessitate stronger legal background than many small businesses have or can afford).

If Privacy Shield is invalidated in the coming months, businesses will have to turn to other binding legal safeguards. The EU’s GDPR outlines some of these alternatives in Article 46(2). These alternatives generally focus on adopting enforceable contractual commitments and clauses that the EU Supervisory Authority approves or drafts.  But presently, none of these clauses or standards have been written nor disclosed by Supervisory Authority.  Businesses will need the Supervisory Authority’s guidance on procedures for implementation.

A final decision to invalidate Privacy Shield means that the EU Commission and its national Data Protection Authorities will have a great deal of work to do. They will need to issue guidance for businesses to implement feasible alternatives.

Should SMEs Be Concerned?

Yes, but it may be too early to adjust course or begin to change operational practices.

Two important notes regarding potential impact of this vote:

  • It is not the full parliament, just the LIBE Committee. The Parliament will hold a full vote later this month.
  • Only the Commission or the CJEU have the power to suspend Privacy Shield. The Commission is scheduled to hold its second annual review of Privacy Shield in October 2018, and the CJEU will hold a ruling on a new Schrems-Facebook case later this year which may very well negatively impact Privacy Shield.

Make sure your business is prepared for any eventuality. Ghttp://curia.europa.eu/juris/fiche.jsf?id=C%3B311%3B18%3BRP%3B1%3BP%3B1%3BC2018%2F0311%2FP&pro=&lgrec=en&nat=or&oqp=&dates=&lg=&language=en&jur=C%2CT%2CF&cit=none%252CC%252CCJ%252CR%252C2008E%252C%252C%252C%252C%252C%252C%252C%252C%252C%252Ctrue%252Cfalse%252Cfalse&td=%3BALL&pcs=Oor&avg=&mat=or&parties=Facebook&jge=&for=&cid=508221et compliant and stay compliant with Sovy’s GDPR Privacy EssentialsSM.

EU Facebook GDPR LIBE privacy shield US
Previous Story9 GDPR Myths Debunked
Next StoryGDPR News Bytes – 26th September 2018

SEARCH

CATEGORIES

  • 2020 (13)
  • CCPA (5)
  • Charities (1)
  • Coronavirus (3)
  • COVID-19 (3)
  • Events (1)
  • GDPR (51)
  • Google (1)
  • New Bytes (34)
  • News & Blog (48)
  • Opinions (25)
  • Workplace Conduct (1)

TAG CLOUD

2020 BEUC Brexit CCPA Charities China CJEU CNIL cookies coronavirus COVID-19 cybersecurity data breach data privacy data protection DfE DPC EDPB Facebook fine fines GDPR Google guidance H&M IAPP ICO LGDP LGPD mark zuckerberg Marriot marriott Microsoft notification online education oracle PIPEDA privacy shield salesforce Schrems II tik tok Uber UK US vodafone italy

ARCHIVES

  • February 2021 (1)
  • January 2021 (3)
  • December 2020 (4)
  • November 2020 (4)
  • October 2020 (4)
  • September 2020 (1)
  • August 2020 (1)
  • July 2020 (2)
  • June 2020 (3)
  • May 2020 (2)
  • April 2020 (2)
  • March 2020 (1)
  • February 2020 (1)
  • January 2020 (3)
  • December 2019 (3)
  • November 2019 (1)
  • July 2019 (3)
  • May 2019 (3)
  • March 2019 (2)
  • January 2019 (3)
  • December 2018 (3)
  • November 2018 (2)
  • September 2018 (1)
  • July 2018 (1)
  • June 2018 (2)

LATEST POSTS

  • Tik Tok Accused of Noncompliance with the GDPR
  • EDPB launches guidelines on Examples of Data Breach notification
  • GDPR at the End of 2020
  • The European Data Protection Board launches a series of recommendations following the CJEU’s decision C-311/18 (Schrems II)
  • CNIL fines Google LLC and Google Ireland with a total of €100 million for Using Cookies illegally

QUICK LINKS

  • About Us
  • Resources
  • Privacy Policy
  • Terms
  • Manage Consent
  • Contact Us

Sovy GDPR Privacy Essentials

  • Subscription Benefits
  • Pricing
  • Log in
  • GDPR for Small Businesses
  • GDPR for Enterprises
  • GDPR for Sole Traders
  • GDPR for Charities

SOVY LOCATIONS

Ireland HQ

Registered Office
St Gall's House
St Gall Gardens South
Milltown, Dublin 14
D14 Y882

Trading Office
Meath Enterprise Centre
Trim road, Navan
Co. Meath, C15 TKX6
Ph: +353 (0)1 669-4774

Brussels

Rond-Point Schuman 11
1040 Brussels
Belgium

London

Registered Office
Kemp House
152-160 City Road
London EC1V 2N

Trading Office
9-10 Staple Inn
2nd Floor
London WC1V 7QH

New York

NY Metropolitan Area
2037 Lemoine Ave
Suite 452,
Fort Lee, N.J. 07024, USA

ASSOCIATIONS

Copyright © 2020 Sovy Trust Solutions Limited. All Rights Reserved. Registered in Ireland, No. 610835 and No. 605069