Yesterday, the European Commission announced that EU and US officials had reached an agreement to implement a program known as the EU-US Privacy Shield. Privacy Shield is designed to be the successor to the Safe Harbor program, which the European Court of Justice (CJEU) invalidated last October. The announcement brings some relief to the many companies that previously had self-certified their compliance with the Safe Harbor program and feared enforcement actions brought by European data protection authorities (DPAs) against those Safe Harbor adherents who had not adopted alternative means of legitimizing transatlantic data transfers after the CJEU’s decision. However, as the Privacy Shield would not become effective for at least several more months, such enforcement actions are, theoretically, still possible... Continue Reading