This page contains a Flash digital edition of a book.
Interactive DATA PRIVACY AND PROTECTION


EU/US Privacy Law - Shield or Spear?


In the July issue of G3, Cooley’s Sarah Pearce and Jane Elphick discussed data privacy and protection in light of the forthcoming Privacy Shield. Here they examine the framework and offer their tips for what companies need to know


Sarah Pearce, Partner, Cooley’s Technology Transactions Group


Sarah Pearce is a partner in Cooley’s Technology Transactions Group and is resident in the firm's London office. While her focus is on technology, Sarah also advises a diverse selection of clients (particularly in the consumer products and retail sector) on general commercial matters, including data protection and privacy issues.


Te Chinese saying (zì xiāng máo dùn) literally means to use one's spear against one's shield. It dates back to circa 280-233 B.C. and evolved from the story of a business merchant who claimed he had both the world's strongest spear and the strongest shield.


When the merchant was questioned as to what would happen if he used his spear against his shield, he did not have an answer. Its everyday meaning is to contradict and is used to describe two things that oppose each other from the beginning, ultimately resulting in something impossible. Te current privacy landscape is full of contradictions and is a very real issue for the gaming world (as one new phenomenon of a game recently discovered). One of the "hot topics" in the world of privacy lately is the EU- US Privacy Shield. Below, we analyse the key issues surrounding the Privacy Shield in its quest to strike what seems to be an unachievable balance between an individual's right to privacy and national security.


Jane Elphick, Associate Cooley Technology Transactions Group


Jane advises on a range of commercial agreements and technology transactions, principally in the TMT and retail sectors. She also provides privacy, data protection, consumer rights and e-commerce advice.


P120 NEWSWIRE / INTERACTIVE / 247.COM


LET'S REWIND. Te imbalance was first brought to light by


Edward Snowden, whose revelations a few years ago cast serious doubt on the extent to which the Safe Harbor framework protected EU personal data when transferred to the US. Ten came Max Schrems, an Austrian law student who took issue with the ways in which the National Security Agency (“NSA”) can access EU personal data once on US soil. While his complaint to the Irish Data Protection Commissioner failed on the NSA argument, he also claimed that the transfer


of his data from the EU to the US violated EU law. Europe's highest court agreed with Schrems and in October 2015, it declared Safe Harbor invalid. Both sides of the Atlantic have since worked to come up with an alternative and on 12 July 2016, the European Commission approved the "new and improved" EU-US Privacy Shield, which replaces the now defunct Safe Harbor scheme.


WHY IS THIS SUCH A BIG DEAL? Under EU data protection law, personal data of


EU citizens must be provided adequate levels of protection wherever it may be located or transferred to. In fact, it is a principle of EU law that such personal data cannot be transferred outside of the European Economic Area (“EEA”) unless the transferee country has “adequate” levels of protection. Tere are certain mechanisms available to allow for such international transfer with this prohibitive backdrop however - these include a finding of adequacy (where the European Commission declares a country's data protection laws as good as the EU's, Model Clauses (European Commission approved contracts) and Binding Corporate Rules (pre-agreed intra-group rules on global data handling data).


Unfortunately, the US does not pass the test on its own based on the general privacy laws currently in place so, with no adequacy decision is in place, companies wanting to transfer data outside of the EEA to the US must rely on one of these other alternative mechanisms. Te Safe Harbor framework previously provided another alternative for US companies in particular: by


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70  |  Page 71  |  Page 72  |  Page 73  |  Page 74  |  Page 75  |  Page 76  |  Page 77  |  Page 78  |  Page 79  |  Page 80  |  Page 81  |  Page 82  |  Page 83  |  Page 84  |  Page 85  |  Page 86  |  Page 87  |  Page 88  |  Page 89  |  Page 90  |  Page 91  |  Page 92  |  Page 93  |  Page 94  |  Page 95  |  Page 96  |  Page 97  |  Page 98  |  Page 99  |  Page 100  |  Page 101  |  Page 102  |  Page 103  |  Page 104  |  Page 105  |  Page 106  |  Page 107  |  Page 108  |  Page 109  |  Page 110  |  Page 111  |  Page 112  |  Page 113  |  Page 114  |  Page 115  |  Page 116  |  Page 117  |  Page 118  |  Page 119  |  Page 120  |  Page 121  |  Page 122  |  Page 123  |  Page 124  |  Page 125  |  Page 126  |  Page 127  |  Page 128  |  Page 129  |  Page 130  |  Page 131  |  Page 132