By John Jackson
The Privacy Shield framework, which thousands of companies located in the United States have relied upon to receive transfers of personal data from the European Union, the United Kingdom, and Switzerland, has been invalidated by the European Union Court of Justice (ECJ). According to the ECJ, the United States approach to data privacy is not “essentially equivalent” to what is required in the EU due to surveillance programs utilized by US public authorities which are “not limited to what is strictly necessary.”
Companies who have been relying on the Privacy Shield will now need to either utilize standard contractual clauses or binding corporate rules, and will also likely need to amend their Privacy Policies.
John M. Jackson has represented clients in patent litigation and complex commercial litigation matters in federal and state courts throughout the country, and in the International Trade Commission (ITC). John has served as trial counsel in more than 125 patent infringement lawsuits nationally and has handed matters before the ITC. He has tried three major patent infringement cases to a jury and has considerable experience with all aspects of the claim construction or Markman process in patent infringement lawsuits. In addition to his intellectual property practice, John co-chairs the Firm’s Cybersecurity Litigation Group and counsels clients concerning data privacy issues. He has earned certification as a Certified Information Privacy Professional (CIPP/US) and a Certified Information Privacy Manager through the International Association of Privacy Professionals.
The opinions expressed are those of the author and do not necessarily reflect the views of the firm, its clients, or any of its or their respective affiliates. This article is for informational purposes only and does not constitute legal advice.