Transatlantic data transfers will now be governed by a new
framework, after the European Commission (EC) adopted the EU-US
Privacy Shield on July 12. But uncertainty will surround its
application for banks until challenged in US or EU courts.
The new set of rules replaces the much criticised 16-year
old Safe Harbour agreement, which allowed US companies to
self-certify that they would adequately protect EU personal
data transferred to them.
According to Renzo Marchini, special counsel at
Dechert, and head of its EU data protection practice, a
common criticism from some EU regulators is that some companies
were self-certifying without ensuring proper compliance with
The European Court of Justice deemed the Safe Harbour system
invalid in an October 2015 ruling on the basis that there were
a number of exceptions to its application in the US –
namely national security, public interest and law enforcement