Skip to content

Brought to you by

Dentons logo

Privacy and Cybersecurity Law

Coverage and commentary on developments in data protection.

open menu close menu

Privacy and Cybersecurity Law

  • Home
  • About Us

Article 29 WP response to “Privacy Shield”

By Nick Graham
February 4, 2016
  • Europe
Share on Facebook Share on Twitter Share via email Share on LinkedIn

The Article 29 Working Party (WP 29) published their initial response to the new Privacy Shield yesterday.

Here’s the good news:

  • WP 29 welcomes the conclusion of negotiations by the deadline (actually, the deal was announced on Tuesday which is a couple of days late but let’s overlook that).
  • WP 29 looks forward to receiving the relevant documents to analyse the detail. They want to look at the content and legal bindingness of the arrangement to assess whether it deals with the risk of massive and indiscriminate surveillance (as per the Schrems judgment).

Here’s another interesting development:

  • WP 29 has been assessing the current legal framework and practices of US intelligence and has decided on 4 “essential guarantees” that will be required: (a) clear, precise and accessible rules on surveillance; (b) access to be proportionate at all times; (c) independent oversight mechanism (judge/independent body); and (d) effective remedies.

Next Steps

The Commission now has to deliver on the detail. It will communicate all documents pertaining to the new arrangement to WP 29 by the end of February.  WP 29 will then run its assessment on the Privacy Shield proposal (it’s not the law yet).  It will also review other transfer mechanisms such as model clauses and BCRs.

What does this mean for business now?

  • Don’t rely on the Privacy Shield just yet. It’s not an “adequacy decision” and the detail needs to be provided and assessed.
  • Ensure data transfers are either covered by model clauses or BCRs or one of the other derogations.
  • As we recommended previously: do a “fact find” (to identify what data is collected and shared, data flows, data centres and purposes of onward transfer);
  • Consider prioritising data flows to ensure that model contracts are applied to the important data flows as early as possible;
  • Unless an alternative transfer mechanism in place, there is a risk of enforcement action. WP 29 is clear that you can no longer rely on old Safe Harbor.
Share on Facebook Share on Twitter Share via email Share on LinkedIn
Subscribe and stay updated
Receive our latest blog posts by email.
Stay in Touch
Nick Graham

About Nick Graham

Nick Graham is the Global Co-Chair of Dentons' Privacy and Cybersecurity Group. He specialises in data privacy, cybersecurity, information governance. Nick advises across all sectors including retail, telecoms, energy, manufacturing, banking, insurance, transport, technology and digital media.

All posts Full bio

RELATED POSTS

  • Europe
  • New and Proposed Laws

New guidance from the Polish DPA: a warning for all Safe Habor (ex)participants

By Dariusz Czuchaj
  • Data Breach
  • Enforcement
  • Europe
  • Marketing, Cookies & Spam
  • United Kingdom

ICO Release Annual Report

By Nick Graham
  • Europe

UK Government launches “Cyber Essentials” badge

The UK Government has launched a new cyber security certification framework called “Cyber Essentials“. This is part of a continuing effort […]

By Nick Graham

About Dentons

Dentons is the world’s largest law firm, delivering quality and value to clients around the globe. Dentons is a leader on the Acritas Global Elite Brand Index, a BTI Client Service 30 Award winner and recognized by prominent business and legal publications for its innovations in client service, including founding Nextlaw Labs and the Nextlaw Global Referral Network. Dentons’ polycentric approach and world-class talent challenge the status quo to advance client interests in the communities in which we live and work. www.dentons.com.

Dentons Digital

Twitter

Categories

  • Accountability
  • Canada
  • Cloud Computing
  • Consumer Protection
  • Cybersecurity
  • Data Breach
  • Data Transfers
  • Employee Privacy
  • Enforcement
  • Europe
  • General
  • Government Information
  • Health Information Privacy
  • Marketing, Cookies & Spam
  • New and Proposed Laws
  • Privacy Rights
  • Record Retention
  • Smart Cities
  • United Kingdom
  • United States

Subscribe and stay updated

Receive our latest blog posts by email.

Stay in Touch

Dentons logo

© 2021 Dentons

  • Legal notices
  • Privacy policy
  • Terms of use
  • Cookies on this site