Q3 2019 - Ethics

US data privacy laws changing to align with Data Protection Act 2018 (GDPR)

Privacy Shield

Read time: 3-4 minutes

Author: John Temple

Issue 001 - Ethics - July 2019 posted in Industry News

Following new EU data privacy regulations in 2018, the European Commission has been reviewing the EU-US Privacy Shield to ensure adequate levels of protection for EU citizens. The Privacy Shield is a framework that regulates transferrals of personal data for commercial purposes between the EU and the US, with the purpose of facilitating these exchanges. As of 2019, there are around 4,200 Privacy Shield-certified companies in the US.

The Commission Report on the second annual review of the Privacy Shield concludes that it does adequately protect the privacy of EU citizens, although some recommendations still require implementation. Furthermore, some aspects of the framework “need to be closely monitored . . . as they affect elements that are essential for the continuity of the adequacy finding.”



Regarding the UK’s withdrawal from the EU, the International Trade Administration’s Privacy Shield Team have produced guidance on how the Privacy Shield will apply to the UK following exit from the EU.

After any transition period for Brexit, Privacy Shield organisations must update their public commitments to state specifically that the commitment extends to personal data received from the UK in reliance on Privacy Shield, with the understanding that they are also committing to cooperating and complying with the UK’s Information Commissioner’s Office (ICO). This is in addition to Privacy Shield organisations recertifying for their Privacy Shield certification annually.


The domino effect

Following the EU’s Data Protection Act (DPA) 2018 and consequent Privacy Shield changes, US states are now taking action through their own data privacy laws. The California Consumer Privacy Act was passed in 2018 and mandates regulations similar to the DPA 2018 and is cited as the most comprehensive data privacy law in the US.

11 other states so far have passed similar legislation contributing the US’ patchwork approach to data privacy laws. Any federal legislation or congressional action is yet to be suggested.


The impact on global research

The cost for businesses attempting to comply with this multi-state assortment of legislative frameworks that, in many places, overlap and conflict with each other, is potentially astronomical. Much as with the DPA 2018, there will inevitably be restructuring required for research firms around the world to comply with the new multi-state laws around personal data. However, this is set to be a confusing task that will differ even from the preparation for the DPA 2018, and encompass an even greater number of markets.

John Temple

John Temple

John has spent decades in the Market Research Translation industry and proudly wears the badge ‘Expert’. He is continuously implementing innovative ideas that bring ease, cost-effectiveness and excellence to every stage of your multilingual research.


All data and information provided by The RP Times is for informational purposes only. makes no representations as to accuracy, completeness, currentness, suitability, or validity of any information on this site and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. All information is provided on an as-is basis.

facebook twitter  linkedin


  + 44 117 379 0400

Policies and Terms

RP Translate Ltd © 2019 All Rights Reserved