It’s been almost one year since the EU-U.S. Privacy Shield (Privacy Shield) came into existence. Its upcoming annual review in September by the European Commission (Commission) and the U.S. Department of Commerce (DOC) – its first such review – is being viewed by many as a pivotal test for the framework. Success will boost confidence in the Privacy Shield’s durability, a vulnerability often cited by its critics. Even if it passes, however, the Privacy Shield is likely to continue to face challenges going forward.
Thus, for U.S. companies presently considering self-certification, the timing is right to ask the question whether the Privacy Shield is here to stay, and if so, how it might change going forward. To answer these questions, I think we need to recall the Privacy Shield’s origins and the context in which it arose, as well as fully understand its requirements and what compliance entails.
At the same time, it also is important for U.S. companies to consider the