{"id":15777,"date":"2020-07-20T09:53:00","date_gmt":"2020-07-20T08:53:00","guid":{"rendered":"https:\/\/www.rosello-mallol.com\/anulacio-privacy-shield-no-advocats\/"},"modified":"2021-03-10T11:41:32","modified_gmt":"2021-03-10T10:41:32","slug":"invalidation-privacy-shield-non-lawyers","status":"publish","type":"post","link":"https:\/\/www.rosello-mallol.com\/en\/invalidation-privacy-shield-non-lawyers\/","title":{"rendered":"Invalidation of the Privacy Shield for non-lawyers"},"content":{"rendered":"\n<p>On 16 July, the EU Court of Justice, adopted a decision that could have a very significant impact on the everyday management of many businesses: <strong>invalidation of the Privacy Shield<\/strong>.<\/p>\n\n\n\n<p>In essence, this decision raises doubts as to the use of platforms or technological tools that host the personal data of Europeans in the United States. Let&#8217;s see why.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is (or was) the Privacy Shield?<\/h2>\n\n\n\n<p>When the right to data protection in Europe was implemented (in the early 80s), a very <strong>Eurocentric view<\/strong> of the issue was imposed, which in short implies that the transfer of data between EU countries did not represent a bigger problem but instead, when this data left the EU, additional requirements were needed because the laws outside the EU in this field did not meet European standards.<\/p>\n\n\n\n<p>Therefore, the 1995 Directive (already repealed), <strong>established a system so that countries outside the EU were \u201capproved\u201d in order to transfer data <\/strong>with the same guarantees. <\/p>\n\n\n\n<p>Here is the <a rel=\"noreferrer noopener\" href=\"https:\/\/ec.europa.eu\/info\/law\/law-topic\/data-protection\/international-dimension-data-protection\/adequacy-decisions_en\" target=\"_blank\">list of countries<\/a> considered suitable. Transferring data to countries on this list has the same requirements as for transfers within the EU.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"208\" src=\"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/privacy-shield-framework.jpg\" alt=\"Privacy Shield Framework\" class=\"wp-image-15768\" srcset=\"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/privacy-shield-framework.jpg 800w, https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/privacy-shield-framework-300x78.jpg 300w, https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/privacy-shield-framework-768x200.jpg 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/figure>\n\n\n\n<p>The United States entered the list but with one particularity: companies that wanted to host data from Europeans had to &#8220;enrol&#8221; into a protocol agreed between the US and the EU. <\/p>\n\n\n\n<p>This protocol was first called <strong>Safe Harbor<\/strong>, which was cancelled in 2015, and as of 2016, it received the name of the also-cancelled <strong>Privacy Shield<\/strong>.<\/p>\n\n\n\n<p>The reasons for both invalidations are essentially the same: <strong>it cannot be guaranteed that data from Europeans, once hosted in the US, will not be accessed by US investigative agencies without minimal guarantees<\/strong>. <\/p>\n\n\n\n<p>In both cases the decisions were the result of lawsuits against Facebook from an Austrian citizen named <strong>Max Schrems<\/strong> (@maxschrems).<\/p>\n\n\n\n<p>Many companies, very large and widely used by very different profiles (from freelancers to large corporations), are registered in the Privacy Shield: Google, Mailchimp, Zoho, etc (here is the full <a rel=\"noreferrer noopener\" href=\"https:\/\/www.privacyshield.gov\/participant_search\" target=\"_blank\">list of companies<\/a>). <\/p>\n\n\n\n<p>It must be said that, in order to be included in the Privacy Shield all that is required is a<strong> self-certification process for the company<\/strong>. Nobody checks that they effectively comply with the protocol.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What does its cancellation imply?<\/strong><\/h2>\n\n\n\n<p>Well, on 16 July 2020, the EU Court of Justice invalidated the Privacy Shield (although the USA continues to consider it valid \u2026) and <strong>this has direct effects on European companies that host data from third parties<\/strong> (customers, employees, leads, etc.) in one of the countries included on the list. <\/p>\n\n\n\n<p>Once the Privacy Shield is cancelled, European companies must find one of the other options that the GDPR provides to transfer personal data outside the EU:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>In 2010 the EU published<strong> a standard contract model for transferring data outside the EU<\/strong>. The judgment of 16 July, considers that this model is still valid (although it is not adapted to the GDPR). So, in the case of a European company wanting to transfer data to a US company, <strong>it must verify that its terms of service include the terms of the standard contract model.<\/strong><\/li><li>Another option is to ask for the <strong>consent of the data subject<\/strong> (data owner) to transfer their data outside the EU. To comply with the GDPR, <strong>this consent must be explicit.<\/strong> Beware of consents that are not 100% free, for example when the data is from employees.<\/li><\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Recommendations<\/strong><\/h2>\n\n\n\n<p>We are facing a sentence with significant impact that could really affect many digital or traditional businesses that make great use of Information Technologies, so bear in mind the following recommendations:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Keep a stock of the <strong>applications<\/strong> you use where you host personal data (emails, names, phone numbers, work data, etc.).<\/li><li>Find out the<strong> location of these applications<\/strong> (where they host the data).<\/li><li>If they are in the EU, OK (note that this does not mean that you do not have to control their conditions of service to comply with the GDPR).<\/li><li>If they are outside the EU, <strong>assess what is involved in the transfer of data to that country<\/strong>: list of &#8220;approved&#8221; countries, EU standard contract or consent of the data subject involved.<\/li><li>If they are in the US, as we have said, the options are limited to the EU standard contract or the consent of the data subject involved.<\/li><\/ol>\n\n\n\n<p>If you have any questions or comments, I will be happy to help you. Feel free to <a href=\"https:\/\/www.rosello-mallol.com\/en\/contact\/\">contact me<\/a>.  <\/p>\n","protected":false},"excerpt":{"rendered":"<p>On 16 July, the EU Court of Justice, adopted a decision that could have a very significant impact on the everyday management of many businesses: invalidation of the Privacy Shield. In essence, this decision raises doubts as to the use of platforms or technological tools that host the personal data of Europeans in the United [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":15765,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"_joinchat":[],"footnotes":""},"categories":[246],"tags":[439,395,396,440,438],"class_list":["post-15777","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-european-union","tag-gdpr-2","tag-gdpr-compliant","tag-invalidation","tag-privacy-shield-3"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Invalidation of the Privacy Shield for non-lawyers - Rosell\u00f3-Mallol Lawyers<\/title>\n<meta name=\"description\" content=\"On July 16 the Court of Justice of the EU,adopted a decision that can have a high impact on the management of many businesses:invalidation of the Privacy Shield\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.rosello-mallol.com\/en\/invalidation-privacy-shield-non-lawyers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Invalidation of the Privacy Shield for non-lawyers - Rosell\u00f3-Mallol Lawyers\" \/>\n<meta property=\"og:description\" content=\"On July 16 the Court of Justice of the EU,adopted a decision that can have a high impact on the management of many businesses:invalidation of the Privacy Shield\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.rosello-mallol.com\/en\/invalidation-privacy-shield-non-lawyers\/\" \/>\n<meta property=\"og:site_name\" content=\"Rosell\u00f3 Mallol\" \/>\n<meta property=\"article:published_time\" content=\"2020-07-20T08:53:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-03-10T10:41:32+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/anulacion-privacy-shield-e1625653250525.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"530\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"webmaster\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@vic_rosello\" \/>\n<meta name=\"twitter:site\" content=\"@vic_rosello\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"webmaster\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Invalidation of the Privacy Shield for non-lawyers - Rosell\u00f3-Mallol Lawyers","description":"On July 16 the Court of Justice of the EU,adopted a decision that can have a high impact on the management of many businesses:invalidation of the Privacy Shield","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.rosello-mallol.com\/en\/invalidation-privacy-shield-non-lawyers\/","og_locale":"en_US","og_type":"article","og_title":"Invalidation of the Privacy Shield for non-lawyers - Rosell\u00f3-Mallol Lawyers","og_description":"On July 16 the Court of Justice of the EU,adopted a decision that can have a high impact on the management of many businesses:invalidation of the Privacy Shield","og_url":"https:\/\/www.rosello-mallol.com\/en\/invalidation-privacy-shield-non-lawyers\/","og_site_name":"Rosell\u00f3 Mallol","article_published_time":"2020-07-20T08:53:00+00:00","article_modified_time":"2021-03-10T10:41:32+00:00","og_image":[{"width":800,"height":530,"url":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/anulacion-privacy-shield-e1625653250525.jpg","type":"image\/jpeg"}],"author":"webmaster","twitter_card":"summary_large_image","twitter_creator":"@vic_rosello","twitter_site":"@vic_rosello","twitter_misc":{"Written by":"webmaster","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.rosello-mallol.com\/en\/invalidation-privacy-shield-non-lawyers\/#article","isPartOf":{"@id":"https:\/\/www.rosello-mallol.com\/en\/invalidation-privacy-shield-non-lawyers\/"},"author":{"name":"webmaster","@id":"https:\/\/www.rosello-mallol.com\/en\/#\/schema\/person\/8f75280dab453a1bd38804fe66110f7d"},"headline":"Invalidation of the Privacy Shield for non-lawyers","datePublished":"2020-07-20T08:53:00+00:00","dateModified":"2021-03-10T10:41:32+00:00","mainEntityOfPage":{"@id":"https:\/\/www.rosello-mallol.com\/en\/invalidation-privacy-shield-non-lawyers\/"},"wordCount":724,"publisher":{"@id":"https:\/\/www.rosello-mallol.com\/en\/#organization"},"image":{"@id":"https:\/\/www.rosello-mallol.com\/en\/invalidation-privacy-shield-non-lawyers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/anulacion-privacy-shield-e1625653250525.jpg","keywords":["European Union","gdpr","gdpr compliant","Invalidation","Privacy Shield"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.rosello-mallol.com\/en\/invalidation-privacy-shield-non-lawyers\/","url":"https:\/\/www.rosello-mallol.com\/en\/invalidation-privacy-shield-non-lawyers\/","name":"Invalidation of the Privacy Shield for non-lawyers - Rosell\u00f3-Mallol Lawyers","isPartOf":{"@id":"https:\/\/www.rosello-mallol.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.rosello-mallol.com\/en\/invalidation-privacy-shield-non-lawyers\/#primaryimage"},"image":{"@id":"https:\/\/www.rosello-mallol.com\/en\/invalidation-privacy-shield-non-lawyers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/anulacion-privacy-shield-e1625653250525.jpg","datePublished":"2020-07-20T08:53:00+00:00","dateModified":"2021-03-10T10:41:32+00:00","description":"On July 16 the Court of Justice of the EU,adopted a decision that can have a high impact on the management of many businesses:invalidation of the Privacy Shield","breadcrumb":{"@id":"https:\/\/www.rosello-mallol.com\/en\/invalidation-privacy-shield-non-lawyers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.rosello-mallol.com\/en\/invalidation-privacy-shield-non-lawyers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rosello-mallol.com\/en\/invalidation-privacy-shield-non-lawyers\/#primaryimage","url":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/anulacion-privacy-shield-e1625653250525.jpg","contentUrl":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/anulacion-privacy-shield-e1625653250525.jpg","width":800,"height":530,"caption":"Anulaci\u00f3n del Privacy Shield"},{"@type":"BreadcrumbList","@id":"https:\/\/www.rosello-mallol.com\/en\/invalidation-privacy-shield-non-lawyers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Inici","item":"https:\/\/www.rosello-mallol.com\/en\/"},{"@type":"ListItem","position":2,"name":"Invalidation of the Privacy Shield for non-lawyers"}]},{"@type":"WebSite","@id":"https:\/\/www.rosello-mallol.com\/en\/#website","url":"https:\/\/www.rosello-mallol.com\/en\/","name":"Rosell\u00f3 Mallol","description":"Despatx advocats experts en TIC i Protecci\u00f3 de dades","publisher":{"@id":"https:\/\/www.rosello-mallol.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.rosello-mallol.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.rosello-mallol.com\/en\/#organization","name":"Rosell\u00f3 Mallol - Advocats especialistes en dret digital","url":"https:\/\/www.rosello-mallol.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rosello-mallol.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/logo-definitiu-web.png","contentUrl":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/logo-definitiu-web.png","width":4000,"height":736,"caption":"Rosell\u00f3 Mallol - Advocats especialistes en dret digital"},"image":{"@id":"https:\/\/www.rosello-mallol.com\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/vic_rosello","https:\/\/www.instagram.com\/rosellomallol\/","https:\/\/www.linkedin.com\/in\/victorrosello\/","https:\/\/www.youtube.com\/channel\/UCxcqAdksWzsEaZ5UYoFJd0Q\/featured"]},{"@type":"Person","@id":"https:\/\/www.rosello-mallol.com\/en\/#\/schema\/person\/8f75280dab453a1bd38804fe66110f7d","name":"webmaster","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rosello-mallol.com\/en\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/0ea283235bbca1f94515f36839b6f98e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0ea283235bbca1f94515f36839b6f98e?s=96&d=mm&r=g","caption":"webmaster"},"url":"https:\/\/www.rosello-mallol.com\/en\/author\/webmaster\/"}]}},"jetpack_featured_media_url":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/anulacion-privacy-shield-e1625653250525.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/posts\/15777"}],"collection":[{"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/comments?post=15777"}],"version-history":[{"count":0,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/posts\/15777\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/media\/15765"}],"wp:attachment":[{"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/media?parent=15777"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/categories?post=15777"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/tags?post=15777"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}