Banks harbour doubts about new Privacy Shield

Author: Amélie Labbé | Published: 22 Jul 2016

Transatlantic data transfers will now be governed by a new framework, after the European Commission (EC) adopted the EU-US Privacy Shield on July 12. But uncertainty will surround its application for banks until challenged in US or EU courts.

The new set of rules replaces the much criticised 16-year old Safe Harbour agreement, which allowed US companies to self-certify that they would adequately protect EU personal data transferred to them.

According to Renzo Marchini, special counsel at Dechert, and head of its EU data protection practice, a common criticism from some EU regulators is that some companies were self-certifying without ensuring proper compliance with the rules. 

The European Court of Justice deemed the Safe Harbour system invalid in an October 2015 ruling on the basis that there were a number of exceptions to its application in the US – namely national security, public interest and law enforcement requirements.