Schrems II Put Privacy Shield Program at Risk; More Than 250 European Companies are Participating
The July 16, 2020 Schrems II decision by the Court of Justice of the European Union (CJEU) ruled that the US/EU Privacy Shield framework is an insufficient mechanism for cross-border data transfers. How big of a deal is that? Just prior to the Schrems II decision, FPF conducted a study of the companies enrolled in the US/EU Privacy Shield program and determined that at least 259 European headquartered companies are active participants.
EU-headquartered firms and major EU offices of global firms depend on the Privacy Shield program so that their related US entities can effectively exchange data for research, to improve products, to pay employees, and to serve customers. Nearly one-third of Privacy Shield companies use the mechanism to process human resources data—information that is crucial to employ, pay, and provide benefits to workers.
The FPF study has additional information about the scope of the Privacy Shield program.