Irish Privacy Group lodges first legal challenge to validity of EU-US “Privacy Shield”
Digital Rights Ireland, an Irish privacy advocacy group, has lodged the first legal challenge to the EU-US “Privacy Shield”, less than two months since its formal adoption.
The privacy group has applied to the European Court of Justice (CJEU) applying for an annulment of Privacy Shield.
Privacy Shield, adopted on July 12th 2016, concluded that the United States has ensured an “adequate level of protection” for personal data transferred between the EU & the USA, despite widespread criticism that US domestic laws make it effectively impossible for US based data-processors to comply with the terms of the forthcoming GDPR. Under the terms of Privacy Shield, US-based data processors are allowed to self-certify their GDPR compliance.
In October 2015, the CJEU invalidated the predecessor to Privacy Shield, known as “Safe Harbor”, on the grounds that Safe Harbor failed to take account of overriding US legislation that permits US authorities (such as the NSA) to have access to personal data of EU citizens.