American companies with European users or customers need to be aware of what happened at the EU’s top court yesterday

The EU’s top court has canceled the so-called Privacy Shield register (essentially, a company self-certifying that it will stick to EU rules), created under a transatlantic deal between the U.S. and EU in 2016. As a result, it’s possible some companies will no longer be able to serve people in the EU. The ruling seems largely targeted at protecting EU citizens from intelligence surveillance. For example, while the court did not strike down standard contractual clauses (SCCs), an EU privacy regulator can invalidate them on a case-by-case basis if a company breaks the clauses’ terms because it can’t stop U.S. intelligence services from conducting mass surveillance on the data. Still, this is a ruling that can have a major impact on U.S. companies that do business in Europe.

If you’re an American company with European users or customers, and you transfer their personal data to the U.S. for company use, you need to be aware of what just went down at the EU’s top court today. That’s because the Court of Justice (CJEU) just made a huge ruling. The upshot: It’s possible you will no longer be able to serve people in the EU—if not now, then in the not-too-distant future.


