Could the 'EU-US Privacy Shield' Despite the Serious Concerns Raised by European Institutions Act as a Role Model for Transborder Data Transfers to Third Countries?

Abstract

This paper looks at the EU framework on transborder data transfers. In Maximilian Schrems v Data Protection Commissioner, the Court of Justice of the European Union declared the EU-US Safe Harbor decision as invalid. Shortly after, the Commission announced its agreement with the US on a new framework for transatlantic data transfers: the EU-US Privacy Shield. After a revision of the first draft, the Privacy Shield entered into force on 12 July. Notwithstanding any shortcomings of the Privacy Shield with regard to access by US surveillance powers, the paper opines that the Privacy Shield is the advantageous transfer mechanism compared to other transborder data transfer mechanisms. The research mainly concentrates on the question whether the Privacy Shield might be used as a role model for data transfers to other third countries. This paper assesses the question by use of the data protection laws in Canada and India. The paper notes that mutual growing convergence between the different data protection systems may evolve over time. It concludes that a hybrid model might in some cases be the only way forward if the EU adheres to its regulation on transborder data transfers.