The Privacy Shield
Produced in partnership with Vikki Hoyle and Hayley Morris of Walker Morris LLP
The Privacy Shield

The following Employment guidance note Produced in partnership with Vikki Hoyle and Hayley Morris of Walker Morris LLP provides comprehensive and up to date legal information covering:

  • The Privacy Shield
  • Overview of the Privacy Shield
  • Signing up to the Privacy Shield
  • What are the principles?
  • Complaints handling and redress
  • Enforcement
  • Access for national security purposes
  • Joint annual review
  • What next for the Privacy Shield?

An individual's right to privacy and to the protection of their personal data are fundamental human rights enshrined in Article 7 (the right to private and family life) and Article 8 (the right to protection of personal data) of the European Charter of Human Rights, as well as Article 16 of the Treaty of the Functioning of the European Union.

 Article 44 of the General Data Protection Regulation, Regulation (EU) 2016/679 (the GDPR) prohibits controllers in EEA member states:

  1. from transferring personal data to any territory outside the EEA

  2. unless the conditions laid out in Chapter V of the GDPR are complied with by the controller and the processor

As further explained in Practice Note: International transfers of personal data under the GDPR transfers will be permitted if there is a adequacy decision or under appropriate safeguards.

The European Commission (the Commission) may find that a third country (which is a country outside of the EEA) ensures such an adequate level of protection by reason of its domestic law or of the international commitments it has entered into in order to protect the rights of individuals. See also ICO Guidance: Guide to the General Data Protection Regulation (GDPR) which includes a dedicated section International transfers.

The US is not recognised by the Commission as providing an adequate level of protection. However, on 12 July 2016,