The Court of Justice of the European Union (“CJEU”) issued yesterday its long-expected Judgment in Schrems vs Data Protection Commissioner, in which the court, largely adopting the opinion of its Advocate General, resolved that the Decision 2000/520 of the European Commission which provides that the Safe-Harbour scheme provides an adequate level of protection and can be used as ground for the transfer of personal data from the EU to US companies participating in the Safe Harbour scheme, is invalid.
Following the recent invalidation of the Safe Harbour scheme by the CJEU as a legitimate ground for the transfer of personal data from the EU to the US, yesterday the EU Commission approved a political agreement reached with the US paving the way for a new and more robust mechanism for such data flows.
The “EU-US Privacy Shield”, to be soon introduced, appears to be in line with the requirements set by the Schrems judgment and will comprise the following basic elements:
In August 2014, ISO and IEC published ISO 27018, a new standard, as a code of practice for the protection of PII in public clouds. ISO 27018 is a voluntary standard which is expected to strengthen confidence of customers and regulators with respect to PII processing in the cloud.