Transferring data to the us: is EU-US privacy shield framework in danger?


By Jorge Monclús and Blanca Puig, Cuatrecasas
By Jorge Monclús and Blanca Puig, Cuatrecasas

By Jorge Monclús and Blanca Puig.

At the end of January, Donald J. Trump, president of the United States, approved an executive order excluding persons that are not US citizens or lawful permanent residents from the protections of privacy rules.

This could jeopardize the recently signed EU-US Privacy Shield Framework, which was approved in July 2016. The framework guarantees minimum security levels for the processing of EU citizens’ personal data being transferred to the US; this avoids data transfers made to US companies certified with Privacy Shield from being considered “international data transfers.”

Now, the question is whether the EU-US Privacy Shield Framework could be invalidated by this executive order. Human Rights Watch and the American Civil Liberties Union sent a letter to the European Commissioner for Justice, Consumers and Gender Equality, Věra Jourová, expressing their concerns and urging the European Commission to re-examine these matters and to take measures.

However, the US Federal Trade Commission upholds that the EU-US Privacy Shield Framework is not affected by the executive order, considering that it continues to be valid.

We will continue to closely watch the different reactions to any legislative changes in the US that could affect the protection of EU citizens’ personal data.