Update on the EU-U.S. Privacy Shield’s Status

Update on the EU-U.S. Privacy Shield’s Status
Posted by   Stephan Grynwajc Oct 31, 2018

Outside GC Member Stephan Grynwajc continues to keep a close eye on the fate of the EU-U.S. Privacy Shield data-sharing arrangement. 

In a July blog post, he advised clients about the Shield’s uncertain future, based on concerns expressed by the European Parliament. In September, he co-authored the IAPP article, “European Parliament votes to suspend Privacy Shield: Now what?,” in which he and his co-authors examine specific regulatory actions and other evidentiary clues in the aftermath of the Parliament’s July vote against the Shield, concluding that the Shield will likely survive. 

A recent joint statement issued by EU and U.S. officials on October 19th supports this conclusion. In connection with the second annual review of the Privacy Shield arrangement, officials highlighted their ongoing commitment to ensuring that the framework works as it was intended. The European Commission is expected to release by year’s end a report on its findings about the functionality of the Shield framework.

What does this mean for U.S. companies? Existing Privacy Shield-certified companies will see no real changes to the current program; however, increased oversight by the U.S. Department of Commerce is likely, and therefore, businesses should be prepared to document their compliance with the Shield’s requirements.


If you have any questions about the EU-U.S. Privacy Shield framework, as it currently stands, the GDPR, or privacy compliance in general, we would be happy to assist you. Our team includes U.S. and EU-trained attorneys experienced with data privacy requirements in the EU and well-versed in the EU-U.S. Privacy Shield self-certification process and the GDPR, as well as other data privacy laws and regulations in individual EU Member States not covered by the GDPR. 

Stephan Grynwajc served as a senior in-house attorney for several blue-chip technology corporations (e.g., Intel and Symantec) in France, the U.K. and the U.S., and today, focuses his practice on advising U.S.-based clients on navigating the EU privacy landscape.

Mark Johnson has over 20 years of experience advising clients on data privacy regulations and public policy, and is a former member of the Data Privacy practice group at the international law firm, Squire Patton Boggs in Washington D.C.

Lakshmi Sarma Ramani served as the lead global attorney for privacy matters at The Nature Conservancy, where she also managed a wide range of legal and regulatory compliance matters, including cybersecurity, tax, finance, technology, marketing, membership and fundraising.

Feel free to reach out directly to Stephan ([email protected]), Mark ([email protected]) or Lakshmi ([email protected]), or request more information by visiting our Contact Us page.


This publication should not be construed as legal advice or a legal opinion on any specific facts or circumstances not an offer to represent you. It is not intended to create, and receipt does not constitute, an attorney-client relationship. The contents are intended for general informational purposes only, and you are urged to consult your attorney concerning any particular situation and any specific legal questions you may have. Pursuant to applicable rules of professional conduct, portions of this publication may constitute Attorney Advertising.

Subscribe to Our Blog