On July 16, 2020, the Court of Justice of the European Union invalidated the EU-U.S. Privacy Shield program.

Click here for the decision and here for the accompanying press release.

The Court concluded that (i) the EU-U.S. Privacy Shield program (“Privacy Shield”) does not provide adequate safeguards and the European Commission’s adequacy decision which facilitates the ability of participating companies to transfer personal data from the European Union (EU) to the United States is invalid; and (ii) Standard Contractual Clauses (SCCs) remain a valid mechanism for such transfers, although a case-by-case evaluation of their sufficiency may be required by local data protection authorities as well as controllers and processors.

Read more about the judgement and next steps related to standard contractual clauses for cross-border transfers of personal data to the United States in the Alert I prepared along with my colleagues Kevin Coy and Erin Doyle. Click here to read our Alert.