Update on the EU-U.S. Privacy Shield’s Status

Update on the EU-U.S. Privacy Shield’s Status

Outside GC Member Stephan Grynwajc continues to keep a close eye on the fate of the EU-U.S. Privacy Shield data-sharing arrangement. 

In a July blog post, he advised clients about the Shield’s uncertain future, based on concerns expressed by the European Parliament. In September, he co-authored the IAPP article, “European Parliament votes to suspend Privacy Shield: Now what?,” in which he and his co-authors examine specific regulatory actions and other evidentiary clues in the aftermath of the Parliament’s July vote against the Shield, concluding that the Shield will likely survive. 

A recent joint statement issued by EU and U.S. officials on October 19th supports this conclusion. In connection with the second annual review of the Privacy Shield arrangement, officials highlighted their ongoing commitment to ensuring that the framework works as it was intended. The European Commission is expected to release by year’s end a report on its findings about the functionality of the Shield framework.

What does this mean for U.S. companies? Existing Privacy Shield-certified companies will see no real changes to the current program; however, increased oversight by the U.S. Department of Commerce is likely, and therefore, businesses should be prepared to document their compliance with the Shield’s requirements.


If you have any questions about the EU-U.S. Privacy Shield framework, as it currently stands, the GDPR, or privacy compliance in general, we would be happy to assist you. Our team includes U.S. and EU-trained attorneys experienced with data privacy requirements in the EU and well-versed in the EU-U.S. Privacy Shield self-certification process and the GDPR, as well as other data privacy laws and regulations in individual EU Member States not covered by the GDPR. 

Stephan Grynwajc served as a senior in-house attorney for several blue-chip technology corporations (e.g., Intel and Symantec) in France, the U.K. and the U.S., and today, focuses his practice on advising U.S.-based clients on navigating the EU privacy landscape.

Mark Johnson has over 20 years of experience advising clients on data privacy regulations and public policy, and is a former member of the Data Privacy practice group at the international law firm, Squire Patton Boggs in Washington D.C.

Lakshmi Sarma Ramani served as the lead global attorney for privacy matters at The Nature Conservancy, where she also managed a wide range of legal and regulatory compliance matters, including cybersecurity, tax, finance, technology, marketing, membership and fundraising.

Feel free to reach out directly to Stephan (, Mark ( or Lakshmi (, or request more information by visiting our Contact Us page.


Subscribe to Our Blog