Most international businesses are avoiding the use of privacy shield between the United States and the European Union (privacy shield) to legitimize the transfer of transatlantic data. So it is drawn from a survey conducted by the International Association of Privacy Professionals (IAPP) entity and sponsored by Ernst & Young.
Only 34% of respondents indicated they are planning to benefit from the privacy shield, in contrast with 50% who used the previous Safe Harbor frame. Specifically, the privacy shield was designed as a substitute for Safe Harbor, which allowed transfers of data between the European Union and the United States since 2000.
In 2015, this agreement was declared safe harbor invalid, following a lawsuit against Facebook. Faced with that 34% that expected to benefit from the privacy shield, 80% of respondents indicated they are currently using standard contractual clauses to allow data transfer.
This method, according to the survey, could be considered invalid in the Court of Justice of the European Union. If these provisions were declared invalid, global organizations could be without a legal channel for transferring data across the Atlantic.
“The legal uncertainty of the standard contractual clauses and skepticism about the shield of privacy could be a direct effect of the case of Max Schrems invalidating the Safe Harbor framework in European courts,” said Trevor Hughes, president and CEO of IAPP.