News and Insights

Print this page

Search News & Insights

Privacy Shield Update

AUTHOR(S): Anne-Marie Bohan, Pat English, Robert O’Shea, John Ryan, Mark O’Sullivan
PRACTICE AREA GROUP: Technology and Innovation, International Business, Asset Management and Investment Funds, Insurance and Reinsurance
DATE: 28.09.2016

As you will be aware from previous Matheson updates in our ongoing series relating to international data transfers, the General Data Protection Regulation and privacy generally, the EU-US Privacy Shield (the “Privacy Shield”), which replaces Safe Harbour, was approved with effect from 1 August 2016. 

The Privacy Shield enables the legitimate transfer of personal data to a US-based organisation. The Privacy Shield operates under a system of self-certification through which US organisations agree to abide by specified privacy principles (the “Principles”), including in relation to notice, accountability for onward transmission to a third party, and recourse, enforcement and liability, thereby endowing personal data transfers from the European Economic Area to self-certifying entities with “essential equivalence” in terms of data protection. 

While an application for self-certification can be made at any time, there may be a benefit in doing so now, before 30 September this year. In general, the Principles will apply immediately upon self-certification. There is, however, a limited exception relating to the accountability for onward transfer principle in cases where an organisation already has pre-existing commercial relationships with third parties to which it transfers personal data. Provided that self-certification takes place before 30 September, the certifying organisation will be in a position to avail of an (up to) nine month transitional period with regard to its existing commercial arrangements with third parties.

Please contact Anne-Marie Bohan or your usual Matheson contact if you have any queries or require any assistance in relation to the Privacy Shield.

Further reading on Data Protection:

The European Commission formally adopted the Privacy Shield framework on 12 July 2016, read our communication on the decision here.

On 6 October 2015, the Court of Justice of the European Union issued its ruling in the case of Schrems v Data Protection Commissioner.


About cookies on our website

Following a revised EU directive on website cookies, each company based, or doing business, in the EU is required to notify users about the cookies used on their website.

Our site uses cookies to improve your experience of certain areas of the site and to allow the use of specific functionality like social media page sharing. You may delete and block all cookies from this site, but as a result parts of the site may not work as intended.

To find out more about what cookies are, which cookies we use on this website and how to delete and block cookies, please see our Which cookies we use page.

Click on the button below to accept the use of cookies on this website (this will prevent the dialogue box from appearing on future visits)