Google is one of the most recent high profile companies to register on the EU - US Privacy Shield list.
Privacy Shield is the new framework adopted by the EU Commission in July this year, under which transfers of personal data of EU citizens to Companies in the US are permitted. This was developed and adopted after the former "Safe Harbour" framework for EU - US data transfers was struck down by the European Court of Justice in late 2015 as being unfit for purpose.
The privacy Shield is currently in its infancy and having examined the Privacy Shield List at the time of writing it is clear that only a handful of US companies have yet registered to date.
Privacy Shield is similar to the former Safe Harbour framework in that companies registering for Privacy Shield are required to self-certify as being compliant with the Privacy Shield framework. The new framework has not yet been challenged, however Max Schrems who successfully took the famous case against Facebook has already raised concerns with the protections offered by the new framework.
It is an interesting time for any companies involved in transatlantic data transfers where there is continuing ambiguity as to whether the checks and balances in place are sufficient to protect the personal data of EU citizens who are customers.
We have recently assisted clients in preparing reseller agreements, distribution agreements, referral agreements and agency agreements where there were necessary transatlantic transfers of data taking place. We advise any companies entering into similar arrangements to include warranties and undertakings on the part of the US counterparties to such agreements to register on the Privacy Shield List prior to entering into the contract.
Google is the latest company to seek compliance with the Privacy Shield Framework developed jointly by the U.S. Department of Commerce and the European Commission