The Court of Justice of the European Union (CJEU) has invalidated the Privacy Shield framework which regulates the exchange of personal data for commercial purposes between the EU and US.
The Privacy Shield contained written assurances guaranteeing that US access to the personal data of EU citizens would be limited by safeguards and oversight mechanisms. However, the CJEU found there are insufficient protections for fundamental data protection rights. This means US authorities have extensive access to the personal data of EU citizens.
Following the decision by the CJEU the Biden administration is negotiating with the EU Commission. They now need to conclude an enhanced successor agreement to the Privacy Shield. If an agreement is not reached then European companies will need to use alternative methods of GDPR compliance.
You can view the official website of the Privacy Shield and their FAQs here.
Here at Value Privacy, we provide a Privacy Health Check for your company. We perform checks to make sure that your company is compliant with all relevant legislation. With the introduction of LPGD in Brazil it may only be a matter of time before more issues like this start to impact US companies. See how our services could take the hard work out of making sure you never get caught out. You can also contact us for a free, confidential assessment with us.