The Protiviti View  | Insights From Our Experts on Trends, Risks and Opportunities

The Protiviti View

Insights From Our Experts on Trends, Risks and Opportunities
Search

POST

2 mins to read

Flash Report: European Court of Justice Invalidates the EU-U.S. Privacy Shield Framework

Views
Larger Font
2 minutes to read

In a landmark ruling with sweeping implications for global companies, on Thursday, July 16 the Court of Justice of the European Union (CJEU) ruled, in essence, that the personal data of EU citizens must be provided the same protections granted by GDPR, the European data privacy law, regardless of what jurisdiction the data is moved to or processed in – and that the Privacy Shield framework in place up to this point did not ensure that protection.

The ruling stems from a 2015 case (analyzed here), in which an Austrian privacy rights activist, Maximillian Schrems, spurred by the Edward Snowden revelation of wide-spread U.S. surveillance, took issue with the ability of Facebook to make private data of EU citizens available to U.S. authorities, in violation of the EU Charter. Ultimately, the CJEU found that the Safe Harbor principles, which at the time governed the transfer of data between EU and U.S., did not provide adequate protection of the private data of EU citizens that is required by the GDPR. Consequently, the Safe Harbor principles were revoked and replaced by a more robust framework, Privacy Shield. The latest and final ruling of the court this week invalidates Privacy Shield as well, for similar reasons of inadequate protection. This leaves companies with EU interests scrambling to put in place immediate measures to safeguard any EU members’ data they use, process or transfer, in lieu of the Privacy Shield protocols. The ruling provides no grace period for the transition, and the decision of the court cannot be appealed.

This is a major development in the data privacy realm. Protiviti has issued a Flash Report with detailed background of the ruling, an overview of the regulations that remain in place, and a list of recommended actions for companies to take right away.

To stay informed of breaking news and other developments in the data privacy field, subscribe to our blog or visit our website.

Read additional posts on The Protiviti View related to Cybersecurity and Risk & Compliance.

Was this post helpful to you?

Thanks for your feedback!

Subscribe to The Protiviti View Blog

To face the future confidently, you need to be equipped with valuable insights that align with your interests and business goals.

In this Article

Authors

The Protiviti View

By The Protiviti View

Verified Expert at Protiviti

EXPERTISE

No noise.
Just insights.

Subscribe now

Related posts

Article

What is it about

While the return-to-office decision is often framed in a straightforward manner — we believe collaboration, productivity and innovation flourish more...

Article

What is it about

What you need to know: Aging systems, data silos, regulatory pressures and talent gaps complicate enterprise transformation for public utilities....

Article

What is it about

The top priority for healthcare internal auditors this year is cybersecurity, according to a survey by Protiviti and the Association...

Search