EU-U.S. Privacy Shield Struck Down

Europe’s top court struck down the EU-U.S. Privacy Shield that workforce mobility companies use to protect the transfer of personal data of transferees between the EU and U.S.

On 16 July, Europe’s top court struck down the EU-U.S. Privacy Shield, a trans-Atlantic agreement that companies use to safely move data between the European Union and the United States. More than 5,000 companies including those in the workforce mobility industry use the system as it is integral to protecting the data of transferees.

The Privacy Shield was created in 2016 to replace the EU-U.S. Data Privacy Safe Harbor that companies used to protect data privacy for over a decade. Under the Privacy Shield, U.S. companies are obligated to self-certify with the U.S. Department of Commerce and publish their commitments on how personal data is processed and how individual rights are guaranteed. Those commitments are then subject to U.S. law and enforceable by the U.S. Federal Trade Commission to ensure that EU residents’ data is protected when shifted to the U.S.

According to analysis by the New York Times, the Privacy Shield was intended to “include a greater say for Europeans on how their information is used, the right to go to American courts when people think companies or the United States government may have misused their data, and written guarantees from American officials that government agencies will not indiscriminately collect and monitor Europeans’ data without cause.”

However, the European Court of Justice in Luxembourg ruled that the Privacy Shield did not comply with European privacy rights. American and European officials will now have to negotiate a new deal for transferring digital information, and businesses will have to find new legal mechanisms to continue moving data safely. This may include companies signing standard contractual clauses, or non-negotiable legal contracts drawn up by Europe.


Read More

How This Impacts Mobility

More than 5,000 businesses of all sizes rely on this framework to ensure protection for data coming to the U.S. from Europe. Such data privacy measures are crucial for the protection of employees being moved to the U.S. from the EU and vice versa. As this matter develops, Worldwide ERC® will continue to provide updates and guidance on what companies in the workforce mobility industry can do to comply with essential data protection rules. For questions regarding this matter, please reach out to Vice President of Member Engagement and Public Policy Rebecca Peters,