European Union Data Privacy Law Reform: General Data Protection Regulation, Privacy Shield, and the Right to Delisting

14 Pages Posted: 9 Jan 2017 Last revised: 18 Jan 2017

See all articles by W. Gregory Voss

W. Gregory Voss

TBS Business School; Toulouse Business School; University of Toulouse - Toulouse Business School

Date Written: January 5, 2017


This article discusses a few of the most important European data privacy law developments in recent history – perhaps the most significant since 1995 when the European Union adopted the Data Protection Directive. These include the adoption of the General Data Protection Regulation (GDPR), the invalidation of the U.S. – EU Safe Harbor cross-border personal data transfer framework in the Schrems decision, and the Safe Harbor’s subsequent replacement by the Privacy Shield. The latter allows transfer of personal data (such as data about employees and prospects) from the European Union to the United States, upon certification of commitments by participating companies, and provides guarantees from U.S. agencies and means of enforcement in case of violations.

The article also covers continuing developments concerning the “right to delisting,” which was applied in the 2014 Google Spain decision. Treatment of the GDPR, which will be applicable as of May 2018 (allowing companies time to prepare), includes its extended territorial scope, changes to personal data processing principles, provisions regarding storage of data for public interest, scientific, historical or statistical purposes, developments regarding legitimate bases for processing, including consent, increased data subject rights which will require companies to take action, as well as new compliance requirements which may include, when applicable, performing data protection impact assessments and/or hiring data protection officers. Furthermore, new record-keeping obligations, new requirements for data breach notifications, and higher administrative fines are detailed.

Keywords: European Union Data Privacy Law, Data Protection, Privacy, Data Privacy, Information Privacy, General Data Protection Regulation, EU Data Protection,Schrems, Safe Harbor, Privacy Shield, Transatlantic Data Flows, GDPR, Right to Delisting, Right to Be Forgotten Google Spain, Costeja, DPO, DPIA

JEL Classification: K1, K10, K2, K29, K33, K20

Suggested Citation

Voss, W. Gregory, European Union Data Privacy Law Reform: General Data Protection Regulation, Privacy Shield, and the Right to Delisting (January 5, 2017). Business Lawyer, Vol. 72, No. 1, pp. 221-233, Winter 2016/2017, Available at SSRN:

W. Gregory Voss (Contact Author)

TBS Business School ( email )

1 Place Alphonse Jourdain
CS 66810
Toulouse Cedex 7, Occitanie 31068

Toulouse Business School ( email )

20, bd Lascrosses
Toulouse, 31068

University of Toulouse - Toulouse Business School ( email )

20, bd Lascrosses
BP 7010
Toulouse, 31068

Do you have negative results from your research you’d like to share?

Paper statistics

Abstract Views
PlumX Metrics