Privacy Shield Framework Officially Null and Void in Serbia – Initiative to Amend Existing Regulation in Procedure
Privacy Shield Framework Officially Null and Void in Serbia – Initiative to Amend Existing Regulation in Procedure

Katarina Živković
Senior Associate

Dragan Martin
Junior Associate
On 10 August 2020, the Commissioner for Information of Public Importance and Personal Data Protection (the “Commissioner“) issued an official statement confirming that the recently annulled mechanism for the free transfer of personal data to the United States (better known as the “Privacy Shield Framework”) cannot be considered a lawful basis for the transfer of personal data anymore.
Namely, the Court of Justice of the European Union on 16 July 2020, rendered a historic decision declaring the Privacy Shield Framework invalid (you can find a more detailed analysis of this decision in our article here).
Considering the Act on Personal Data Protection of the Republic of Serbia prescribes that an appropriate level of personal data protection is provided in countries, in parts of their territories or in one or multiple sectors of specific activities in those states or international organizations as determined by the European Union, it follows that the annulled mechanism of personal data transfer to the United States of America cannot be considered valid on the territory of the Republic of Serbia as well.
Furthermore, the Decision of the Government of the Republic of Serbia on countries, the parts of their territories or one or multiple sectors of specific activities in those states or international organizations which are considered to provide an adequate level of personal data protection, specifically mentions the Privacy Shield Framework as the mechanism which provides an adequate level of personal data protection.
Having mentioned in mind, the Commissioner sent an official letter to the Government of the Republic of Serbia in which he emphasized the need for harmonization of the said Decision with the Act on Personal Data Protection and the caselaw of the Court of Justice of the European Union.
This initiative of the Commissioner came as a confirmation of what has already been determined by the said decision of the Court of Justice of the European Union. If you are processing personal data and have so far relied on the Privacy Shield Framework as the lawful basis for data transfers to the US, now would be the right time to comply with the newly established rules under which such transfer is permitted.
This text is for informational purposes only and should not be considered legal advice. Should you require any additional information, feel free to contact us.
Contact:
Katarina Živković, Senior Associate
katarina.zivkovic@sog.rs
Dragan Martin, Junior Associate
dragan.martin@sog.rs
OTHER NEWS
The New Serbian Legal Framework for Internships to Be Adopted
At the end of 2021, a public debate was held in the National Assembly on the Draft Law on Work Practice. The Draft itself is a reaction to relatively unfavourable basic labour market indicators, which predict that young people in Serbia lag behind their peers in...
NFTs in the Light of Trademark Law
Recently, non-fungible tokens (“NFTs”) have become the subject of significant public attention, primarily due to the high amounts of money allocated for their purchase. For example, it is estimated that the worth of the global NFT market in 2021 was about 41...
What Is a Data Protection Officer (DPO)?
Data Protection Officer (“DPO”) is a person overseeing a company’s data protection strategy and implementation in order to ensure compliance with General Data Protection Regulation (“GDPR”) requirements. Any company that processes or stores personal data is...
Let's connect
Let us know how we can help you and your business.