EU-US Privacy Shield scheme threatened

Legal Update

Not adequate protection?

The important Committee on Civil Liberties, Justice and Home Affairs (LIBE) of the European Parliament has formally requested the EU-US Privacy Shield scheme be suspended by the European Commission.

They cite concerns over inadequate data protection for EU Citizens, and the US have until 1st September 2018 to fully comply with the terms of the scheme.

Facebook and Cambridge Analytica

The case of the Facebook / Cambridge Analytica data breach is identified as an occasion when US authorities have not responded as they should. Given both companies were signatories of the scheme one might have expected more obvious concern from US regulators.

The vote on the resolution requesting suspension of the scheme narrowly passed, and the full house is expected to vote on the text in July.


Many people are using service providers in the US, and transferring personal data to them. There are only a small number of legal bases to make such a transfer of personal data legal, and by far the simplest is the EU-US Privacy Shield scheme. It is self-certified by organisations, which may seem to offer a low level of protection. Despite this in 2016 the EU deemed the scheme to be adequate, it then replaced the defunct Safe Harbor scheme.

If you are depending on the scheme to legitimise transfers of personal data to the US, this could put you on the wrong side of the legal line at a stroke.

If you need advice about GDPR, contact us!

FREE initial consultation!

Call now on 0800 2800 679