EU-US Privacy Shield Undergoes Second Review by EU Commission and (Re)Passes the Test—For Certifying Companies, Santa Has Come to Town

On December 19, the EU Commission (“Commission”) published its report to the European Parliament and the Council on the second review of the functioning of the EU-US Privacy Shield (the “Report”).

To the relief of the 3,850 US companies who have certified to the Privacy Shield, and those entities transferring personal data to them, the Commission concluded that the Privacy Shield framework ensures an adequate level of protection for personal data and, therefore, can still be used as one of the available transfer mechanisms under the General Data Protection Regulation (“GDPR”). Nonetheless, the review identified some immediate actions for the US government to take in order to continue to keep the Privacy Shield framework on secure footing.

Mayer Brown’s Legal Update focuses on the findings of the Report, its support of the Privacy Shield as a valid mechanism to transfer data and the improvements that the Commission is expecting for the mechanism to be sustained going forward.

Visit the Mayer Brown website for the full Legal Update.


Mayer Brown partners Charles Albert-Helleputte, Lei Shen, Oliver Yaros, Mark A. Prinsley , counsel Kendall C. Burman, and associate Diletta De Cicco highlight areas of interest in this Legal Update.

Related Content