With the Privacy Shield under fierce criticisms, there is now consideration for the European Commission to grant “adequacy” to an individual US state – California with it's CCPA.
Second annual review of the EU-U.S. Privacy Shield went better than the first, but the European Commission is still waiting on the U.S. government to nominate a permanent Ombudsperson to handle potential complaints and requests from EU citizens.
Without serious privacy reform and a federal law in the US, it may not be possible to draft a Privacy Shield framework that survives another round in the EU court system.
There was some question as to whether Schrems II would extend to the similar Swiss-US Privacy Shield agreement, and that question has now been answered.
U.S. doing an “adequate” job for Privacy Shield but could be doing more to protect the data transfer of EU users, including reform of the FISA regulations.
In a landmark decision for the EU-US data transfer regime, the European Court has struck down the EU-US Privacy Shield but given respite to Standard Contractual Clauses.
On Feb. 2, 2016, representatives of the European Commission and the United States agreed on a new framework for transatlantic data flow: the EU-US Privacy Shield, a new framework intended to replace the EU-US Safe Harbor that was invalidated as a result of a decision of the EU Court of Justice.
It appears that for some, including the biggest names in tech, the possibility of pulling out of Europe over the new Schrems data transfer requirements is not entirely off the table.