Commercial Data Flow Between U.S. And EU Threatened

According to a Lawfare article, the most pressing issue in the data privacy and protection arena is the uncertain fate of Privacy Shield, the framework governing the flow of data between the EU and the U.S. for commercial purposes. In order to rely on Privacy Shield to transfer data from the EU, participating organizations must self-certify to the U.S. Department of Commerce their adherence to 23 principles laying out the requirements for the use and treatment of personal data received from the EU, as well as access requests and recourse mechanisms for EU citizen complaints. The EU says the U.S. is out of compliance with the terms of the agreement and is threatening to suspend it.  EU commissioner for justice Vera Jourová sent Commerce Secretary Wilbur Ross a letter stating her concerns in July, but there has been no progress so far. Meanwhile, Maximilian Schrems, the plaintiff whose case brought down a previous agreement is now challenging Privacy Shield. He alleges that when his personal data is transferred to the U.S. it is “made available to US government authorities under various known and unknown legal provisions and spy programs.” If the case succeeds, the adequacy of underlying U.S. surveillance and privacy law, which also applies to data transferred under Privacy Shield, will come into question.