If your company is one of the 5378 who have certified under U.S. #Privacy Shield, your world got rocked last night. /1
Despite Privacy Shield having been approved and re-approved over the years, it died last night. TL;DR - if you were relying on Shield, you now have to put Standard Contractual Clauses in place with your EU data exporters. /2
The reason for this is that the EU Court of Justice just said that because of FISA Section 702, the fact that our privacy ombudsman is not a tribunal, data subjects have no remedy against the government here, /3
and our government in its current form couldn& #39;t possibly care less about an individual& #39;s privacy if it gets in the way of law enforcement or security (pretty much the Court& #39;s words, not mine), /4
anyway because of all that, US companies can& #39;t possibly be trusted to keep data subjects information protected at the level required under the GDPR because if the government comes knocking, they have no choice. /5
This was not a surprising decision, particularly given the fact that the defendant in the case that gave rise to this was Facebook https://abs.twimg.com/emoji/v2/... draggable="false" alt="🙄" title="Gesicht mit rollenden Augen" aria-label="Emoji: Gesicht mit rollenden Augen">. But it still has a real and meaningful impact on thousands of U.S. companies this morning. /6
The full text is here - the good stuff starts at paragraph 163. http://uria.europa.eu/juris/document/document.jsf?text=&docid=228677&pageIndex=0&doclang=en&mode=lst&dir=&occ=first&part=1&cid=9715083">https://uria.europa.eu/juris/doc... /7
The Court& #39;s contempt for our surveillance state is fairly palpable. (Side note, I don& #39;t think this bodes well for an adequacy decision in the CCTV-happy UK either). /8
Good news, the standard contractual clauses that now have to replace reliance on Privacy Shield are just that - standard - so drafting them is not wildly expensive. Bad news - changing up all your practices to comply with them might be. /End
P.S. - Thanks @EuroPaulB for making me correct this - Standard Contractual Clauses are available now. They could be invalidated on a case-by-case basis by any of the Member State supervisory authorities at any time. After that, there are no mechanisms left.
You can follow @tara_aaron.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled: