small-logo
ProfessionalsCapabilitiesInsights & NewsCareersLocations
About UsAlumniOpportunity & InclusionPro BonoCorporate Social Responsibility
Stay Connected:
facebookinstagramlinkedintwitteryoutube
  1. Privacy & Data Security

Blog

From Safe Harbor to the New EU-U.S. Privacy Shield: What Should We Do Right Now?

  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page
  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page

Blog

From Safe Harbor to the New EU-U.S. Privacy Shield: What Should We Do Right Now?

  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page

1 Min Read

Related Locations

Chicago

Related Topics

Europe Privacy
Consumer Privacy

Related Capabilities

Privacy & Data Security

Related Regions

Europe
North America

February 3, 2016

The news has been zipping around the Internet. The EU Commission has announced that a “new framework for transatlantic data flows” has been agreed upon, called the EU-U.S. Privacy Shield. Of particular concern had been the potential that U.S. companies participating in the Safe Harbor framework would provide EU individuals’ personal data to the U.S. government. Under the new “Shield” program, the U.S. and the EU have agreed that there will be “clear conditions, limitations, and oversight” on the provision of EU individuals’ data to U.S. authorities.

The announcement has companies asking their lawyers: what should we do today to get under this Shield? The answer is, unfortunately, not much. The new framework has not yet been put in place on the U.S. side, and the EU has not yet drafted its adequacy decision. The Commission has indicated, though, that the Shield program will require companies to “commit to robust obligations” on the data security front. The program will also permit EU data protection authorities to refer EU citizen complaints to the FTC.

TIP: Until the Privacy Shield program is put in place, companies engaging in transfers of data from the EU to the U.S. have the same options we have discussed in the past. Companies may also want to start thinking about how they will live up to “robust” data security promises and how they might address complaints from the EU that would get referred to the FTC.

This entry has been created for information and planning purposes. It is not intended to be, nor should it be substituted for, legal advice, which turns on specific facts.

Logo
facebookinstagramlinkedintwitteryoutube

Copyright © 2025. Winston & Strawn LLP

AlumniCorporate Transparency Act Task ForceDEI Compliance Task ForceEqual Rights AmendmentLaw GlossaryThe Oval UpdateWinston MinutePrivacy PolicyCookie PolicyFraud & Scam AlertsNoticesSubscribeAttorney Advertising