The Privacy Shield
Produced in partnership with Vikki Hoyle and Hayley Morris of Walker Morris LLP
The Privacy Shield

The following Information Law guidance note Produced in partnership with Vikki Hoyle and Hayley Morris of Walker Morris LLP provides comprehensive and up to date legal information covering:

  • The Privacy Shield
  • Overview of the Privacy Shield
  • Signing up to the Privacy Shield
  • What are the principles?
  • Complaints handling and redress
  • Enforcement
  • Access for national security purposes
  • Joint annual review
  • What next for the Privacy Shield?

Brexit: On 31 January 2020, the UK ceased to be an EU Member State and entered an implementation period, during which it continues to be subject to EU law. During this period, the GDPR applies in the UK and the UK generally continues to be treated as an EU (and EEA) state for EEA and UK data protection law purposes. Any references to EEA or EU states in this Practice Note should therefore be read to also include the UK until the end of the implementation period. For further guidance on that period, its duration and the data protection laws that are anticipated to apply after the end of it, see Practice Note: Brexit—implications for data protection.

An individual's right to privacy and to the protection of their personal data are fundamental human rights enshrined in Article 7 (the right to private and family life) and Article 8 (the right to protection of personal data) of the European Charter of Human Rights, as well as Article 16 of the Treaty of the Functioning of the European Union.

 Article 44 of the General Data Protection Regulation, Regulation (EU) 2016/679 (the GDPR) prohibits controllers in EEA member states:

  1. from transferring personal data to any territory outside the EEA

  2. unless the conditions laid out in Chapter V of the GDPR are complied with by the