Privacy Shield: Toward a Strong Personal Data Protection Between The US and the EU?

Revue des Juristes de Sc Po, vol. 14, 2018

14 Pages Posted: 7 Jun 2019

See all articles by Céline Castets-Renard

Céline Castets-Renard

Civil Law Faculty; University of Toulouse 1; ANITI (Artificial and Natural Intelligence Toulouse Institute); Institut Universitaire de France

Date Written: January 20, 2018


While the United States and the European Union share the goal of enhancing privacy protection, the United States uses a sectoral approach that relies on a mix of legislation, regulation and self-regulation. Moreover, the protection is guaranteed at the US Federal level and State level. In comparison, the EU chose to adopt an omnibus approach implemented throughin a single text to authorize the free movement of data inside the internal market. The Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data was enacted the 24 October 1995. It will be repealed by the Regulation 2016/679/EU of 27 April 2016 (General Data Protection Regulation or GDPR) which will enter into force and apply as ofthe 25 May 2018. The impact of the ddirective has been considerable. Despite the role of the United States in early global privacy debates (Fair Information Practices and OECD Privacy guidelines), the rest of the world has followed the EU model and enacted EU-style “data-protection” laws.”

Due to the differences of Privacy approaches between the US and the EU, the US sectorial legislation doesn’t provide an “adequate level of protection.” Nevertheless, in the absence of an adequacy decision and to compensate for the lack of data protection in a third country, some appropriate safeguards can be used. Such safeguards may consist of making use of binding corporate rules (BCR), standard data protection clauses adopted by the Commission, standard data protection clauses adopted by a supervisory authority or standard contractual clauses (SCC) authorized by a supervisory authority. Moreover, to build a mechanism for ensuring personal data transfers to the US from the EU, the US Department of Commerce and the European Commission adopted an ad hoc instrument, the so-called “safe harbor.” Based on the European Commission Decision 2000/520/EC of 26 July 2000, the safe harbor privacy principles and related frequently asked questions issued by the US Department of Commerce, is a voluntary process of self-regulation available to the US companies. This “non-legislative lawmaking” is a collaborative effort focused on the economic interests of both the US and the EU.

Keywords: GDPR, Privacy Shield, Safe Harbor, data protection, adequacy, US privacy

Suggested Citation

Castets-Renard, Céline, Privacy Shield: Toward a Strong Personal Data Protection Between The US and the EU? (January 20, 2018). Revue des Juristes de Sc Po, vol. 14, 2018, Available at SSRN:

Céline Castets-Renard (Contact Author)

Civil Law Faculty ( email )

57 Louis Pasteur Street
Ottawa, Ontario K1N 6N5

HOME PAGE: http://

University of Toulouse 1 ( email )

2 rue du doyen Gabriel Marty
Toulouse, 31000

ANITI (Artificial and Natural Intelligence Toulouse Institute) ( email )

41 Allées Jules Guesde - CS 61321

Institut Universitaire de France ( email )

103, bld Saint-Michel
75005 Paris
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics