This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Data Protection Law & Policy

Current Issue (April 2016)

Volume: 13 Issue: 4



About Data Protection Law & Policy:

The monthly law journal which covers all aspects of data protection and data privacy: data transfer & outsourcing, marketing and e-marketing, freedom of information (FOI), employee monitoring, privacy compliance, online data acquisition and consent, personal data, website compliance and emerging technologies such as behavioural advertising, cloud computing and smart grids. / read more

Privacy Shield - now what?


This title is as sensationalist as this piece is going to get. I say this, because the announcement by the Article 29 Working Party (‘WP29’) on their stance on the EU-US Privacy Shield has been surrounded by much drama and somewhat exaggerated headlines. When it comes to transatlantic data flows between the EU and the US, we don’t need drama, we need a legal mechanism to overcome a slightly draconian prohibition and, more importantly, a way to extend the protection of personal data beyond the EU’s borders. The concerns raised by the WP29 may have been disappointing to those involved in crafting the Privacy Shield, but they were foreseeable given the huge sensitivities around surveillance and the feeling amongst privacy regulators that preventing a ‘1984’-type dystopia - as remote as it may seem in our democratic cultures - is their number one priority.

For what it’s worth, a team of us at my firm carried out a detailed legal analysis of the Privacy Shield following its publication. We considered the historical background that preceded the adoption of the Privacy Shield and the precise legal test created by the Court of Justice of the European Union (‘CJEU’) to determine its validity. Applying our knowledge and understanding of European and US law and our interpretation of the fundamental data protection legal principles, we concluded that the Privacy Shield Framework provided an ‘essentially equivalent’ level of protection to that afforded by European law. We did not say the Privacy Shield was a perfect framework for protecting personal data, in the same way that Europe’s regime is not a perfect one either. But we took the view that, in light of the range of protections in place, it was reasonable to see the glass half full and that regulators and courts should also see it that way. 

Read More

Search Journal Archives

Our publication archives contain all of our articles, dating back to 2004.
Can’t find what you are looking for?
Try an Advanced Search

Log in to Data Protection Law & Policy
Subscribe to Data Protection Law & Policy
Register for a Free Trial to Data Protection Law & Policy
E-Law Alerts
Data Protection Law & Policy Pricing
The Insider Threat
Cookie Consent Guide - DataGuidance

Social Media

Follow Data Protection Law & Policy on TwitterView Data Protection Law & Policy LinkedIn ProfileData Protection Law & Policy RSS Feed