Will calls for stricter data privacy rules eventually discourage U.S. companies from pursuing European business opportunities? The European Data Protection Supervisor (EDPS), which monitors EU data protection policies, sharply criticized the EU-U.S. Privacy Shield in an official opinion last week. The Privacy Shield imposes stricter security requirements on the transfer of data from the EU to the U.S. – but the EDPS deemed even these stricter requirements inadequate.
Among other things, the EDPS rejected the idea that corporations can effectively self-certify their compliance with the Privacy Shield. Instead, the EDPS called for U.S. authorities to systematically monitor corporate compliance. The EDPS also advocated for allowing EU citizens to sue in the EU for damages caused by Privacy Shield violations.
It remains to be seen whether the debate about even stricter rules for data transfer will have a chilling effect on US companies’ activities in Europe. In any case, do not expect the debate to fade quickly.
