Me and Maria Majanen  published about a year ago an article in Edilex Vierashuone about the effects of the new EU data protection act (GDPR) and directive on Public Sector ICT service and computer system procurements. In particular, we address the idea of Privacy by Design and how it should be taken into account during the procurement in order to ensure that the architecture of the services and computer systems have built-in privacy. 

The then topical EUCJ decision in the case of Schrems lead to new interpretation of Safe Harbor. This decision might have been quite a piece of news but the privacy supporting structures have gradually developed in procurement, e.g. with agreements for quite some time already. The decision, though, highlights the importance of defining the privacy requirements early on in procurement phase of the ICT system lifecycle.

If interested, here's more about the SchremsHelsingin Sanomat in its January 23rd 2016 issue interviewed Max Schrems.

Just few days ago, came the news. Helsingin Sanomat writes 6.12.2017 about EU data protection authorities possibly challenging EU Commission in court over Privacy Shield agreement. What Privacy Shield? It's the follower of Safe Harbor agreement. Both of these agreements were meant to ensure adequate level of personal data handling for personal data of the Europeans in United States. The just year-old Privacy Shield didn't come easy and apparently some of its wordings are still deemed insufficient. 

It looks like with this, the data protection authorities  aim to give bit of a nudge to the Commission. There has been ongoing interest in the Commission to develop Data protection legislation in EU and cleaning up so corners seems legit in light of General Data Protection Regulation (GDPR). We all should be GDPR readiness by May 2018. 

The 2015 Schrems events were a good lesson: all ways prepare for changes around you. And as long as Privacy Shield stands, it is the official vessel to take EU citizens' personal data to services provided from USA. And there are the standard contractual clauses in case the 2015 events take place again.