The US Department of Commerce has updated its FAQs on the EU-US Privacy Shield Program in light of the July 16, 2020 decision by the Court of Justice of the European Union in Schrems II.  While the guidance lacks concrete direction for organizations seeking to transfer personal data via a compliant mechanism, the FAQs formally set out the current state of flux, uncertainty, and confusion in the wake of the Schrems II.  

Also now formally apparent is that (1) the Commerce Department will continue to accept certifications and renewals from eligible companies; and (2) there is no grace period during which an organization can keep on transferring data to the United States without assessing its legal basis for the transfer.

A link to the full list of FAQs is available below, and now includes 5 additional topics for companies to consider.

  1. Can a Privacy Shield participant rely on the EU-U.S. Privacy Shield Framework to receive personal data from the European Union in light of the July 16, 2020 decision by the Court of Justice of the European Union (CJEU)?
  2. Will there be a delay or moratorium on enforcement by EU data protection authorities in light of the July 16, 2020 decision by the CJEU?  
  3. Why should U.S.-based organizations participate in the EU-U.S. Privacy Shield Framework in light of the July 16, 2020 decision by the CJEU?
  4. Have the requirements regarding re-certification under the EU-U.S. Privacy Shield Framework changed in light of the July 16, 2020 decision by the CJEU?  
  5. Have the requirements regarding withdrawal from the EU-U.S. Privacy Shield Framework changed in light of the July 16, 2020 decision by the CJEU?

To access additional related articles and helpful resources on this topic, please visit Baker McKenzie's Schrems II Resource Hub at https://www.connectontech.com/schrems-ii/  If you have questions about this or any other privacy law development, please contact the author directly at harry.valetk@bakermckenzie.com