This blog post has been superseded by https://zorva.info/2020/07/29/privacy-shield-invalid-important-update-29jul20/
Last week the European Court of Justice struck down the EU-US Privacy Shield, the agreement and accreditation scheme that made it lawful to transfer personal data from the EU (and the UK) to the US.
Privacy Shield replaced the Safe Harbor agreement in August 2016, when it too was deemed unlawful. In a very recent court case at the ECJ, Privacy Shield was challenged, and was deemed not to be an appropriate safeguard as required under GDPR.
So, what does that mean for you? Well, if you have been relying on the Privacy Shield accreditation to transfer data to the US, you can no longer do so. Instead, you will need to use Standard Contract Clauses, a non-negotiable legal contract drawn up by Europe, which is used in countries other than the US, and in the US for transfers to organisations that were not Privacy Shield accredited.
Our own ICO has noted the judgement, and we are waiting or more guidance, but I am already creating SCC’s for clients who need to maintain transfers of data.
Contact me for more information or to discuss any specific situations that you are concerned about.