The long and, for some, stressful wait for a Safe Harbor replacement may be over. Reports indicate that EU and U.S. officials have agreed on terms for the new “EU-U.S. Privacy Shield.”
The big question now: When drafted, will it survive if its validity is challenged and the complaint returns to the European Court of Justice? The very reason behind the Schrems decision was U.S. surveillance practices, which haven’t changed. The last-minute amendment to the Judicial Redress act, said to be the “National Security Amendment,” may not help the United States in this fight, either. The purpose of the amendment is as follows:
“To provide that, in order to qualify as a covered country, a foreign
country must permit commercial data transfers with the United States
and may not impede the national security interests of the United States.”
It seems that there are still bigger issues to iron out. If the EU-U.S. Privacy Shield is put into place, even for a little while, it could buy many international organizations valuable time to work on internal policies and procedures relating to data protection and transatlantic data transfers.
After all, an investment here could save a lot of money down the road — enforcement actions under the coming General Data Protection Regulation could cost up to 4 percent of a company’s global annual revenue.