Cybersecurity header
February 03, 2016

JW Cybersecurity Practice Area

Contact JW


100 Congress Avenue
Suite 1100
Austin, TX  78701
2323 Ross Avenue
Suite 600
Dallas, TX  75201
Fort Worth
777 Main Street
Suite 2100
Fort Worth, TX  76102
1401 McKinney Street
Suite 1900
Houston, TX  77010
San Angelo
301 W. Beauregard Avenue
Suite 200
San Angelo, TX  76903
San Antonio
112 E. Pecan Street
Suite 2400
San Antonio, TX  78205
6002 Summerfield Drive
Suite B
Texarkana, TX  75503
US-EU Agree on Privacy Shield to Replace Invalidated Safe Harbor

By Sara Hollan Chelette

On February 2, 2016, it was announced that the United States and the European Union had reached an agreement on a new framework to replace the Safe Harbor that was invalidated back in October. The new framework, called the "Privacy Shield," places stronger obligations on U.S. companies to protect the personal data of Europeans and requires stronger monitoring and enforcement by the U.S. Department of Commerce and the FTC.

Although the actual text of the Privacy Shield has not been released, the key elements were addressed in Tuesday's announcement:

  • The framework will require U.S. companies importing personal data from Europe to commit to "robust obligations" on how that personal data is processed. The companies must publish their commitments, which will make them enforceable under U.S. law by the FTC.
  • Any U.S. company handling human resources information from European employees must commit to comply with decisions of the European Data Protection Authorities.
  • The U.S. government has assured the EU that "the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms." Exceptions must be used only to the extent necessary. Additionally, the U.S. has agreed to eliminate indiscriminate mass surveillance on personal data transferred under the Privacy Shield.
  • The European Commission and the U.S. Department of Commerce will conduct an annual joint review to monitor the Privacy Shield, including national security access.
  • Any European citizen who alleges that their data has been misused under the Privacy Shield will have several avenues of redress. Companies will have set deadlines to respond to complaints, European DPAs can refer complaints to the Department of Commerce and the FTC, and Alternative Dispute Resolution will be free. A new Ombudsperson will handle complaints on possible access by national intelligence authorities.

In the next few weeks, a draft "adequacy decision" will be prepared and considered for adoption by the College of Commissioners. In the meantime, the United States will prepare for putting the new framework in place.

Although early, the reaction to the Privacy Shield has been mixed. Businesses relying on data transfers from the EU to the US are certainly relieved to have a new framework in place. On the other hand, many are concerned that the framework suffers from the same flaws that doomed the Safe Harbor, including whether U.S. intelligence agencies have too much access to personal data from the EU. Only time will tell whether the Privacy Shield will be able to deflect challenges.

Contact the Cybersecurity team at Jackson Walker if you would like assistance in crafting a privacy policy, updating your current policy, or understanding how the new Privacy Shield may impact your business.

Jackson Walker's Cybersecurity team includes the following attorneys:

Sara Chelette - 214.953.5915 -
Jeff Drummond - 214.953.5781 -
John Jackson - 214.953.6109 -
John Koepke - 214.953.6005 -
Jason Reinsch - 214.953.5914 -
Shannon Zmud Teicher - 214.953.5987 -
Chris Thompson - 214.953.6032 -

Brad Knippa - 512.236.2284 -
Jonathan Lass - 512.236.2085 -
Cale McDowell - 512.236.2057 -

Jeff Harder - 713.752.4346 -
Brit Nelson - 713.752.4419 -
Amanda Zimmerman -713.752.4541 -

San Antonio
Stephanie Chandler - 210.978.7704 -

If you wish to be added to this e-Alert listing, please SIGN UP HERE. If you wish to follow the JW Technology group on Twitter, please CLICK HERE.



Fort Worth


San Angelo

San Antonio


Jackson Walker L.L.P.

Cybersecurity e-Alert is published by the law firm of Jackson Walker L.L.P. to inform readers of relevant information in cybersecurity law and related areas. It is not intended nor should it be used as a substitute for legal advice or opinion which can be rendered only when related to specific fact situations. For more information, please call 1.866.922.5559 or visit us at

©2016 Jackson Walker L.L.P.