The Privacy Shield
Produced in partnership with Vikki Hoyle and Hayley Morris of Walker Morris LLP
The Privacy Shield

The following Employment guidance note Produced in partnership with Vikki Hoyle and Hayley Morris of Walker Morris LLP provides comprehensive and up to date legal information covering:

  • The Privacy Shield
  • Overview of the Privacy Shield
  • Signing up to the Privacy Shield
  • What are the principles?
  • Complaints handling and redress
  • Enforcement
  • Access for national security purposes
  • Joint annual review
  • What next for the Privacy Shield?

STOP PRESS: On 16 July 2020 the Court of Justice ruled in Facebook Ireland and Schrems, Case C-311/18 that the Privacy Shield was invalid. It also made further rulings relating to the use of standard contractual clauses (also known as Model Clauses) for transfers of personal data to third countries. This Practice Note will be updated in due course.

For further guidance meanwhile, see News Analysis: Privacy Shield invalidated and adequacy of SCCs must be specifically assessed (Facebook Ireland and Schrems).

Brexit: On 31 January 2020, the UK ceased to be an EU Member State and entered an implementation period, during which it continues to be subject to EU law. During this period, the GDPR applies in the UK and the UK generally continues to be treated as an EU (and EEA) state for EEA and UK data protection law purposes. Any references to EEA or EU states in this Practice Note should therefore be read to also include the UK until the end of the implementation period. For further guidance on that period, its duration and the data protection laws that are anticipated to apply after the end of it, see Practice Note: Brexit—implications for data protection.

An individual's right to privacy and to the protection of their personal data are fundamental human rights enshrined in Article 7 (the right to