On June 20, 2019, Keith Krach was confirmed by the U.S. Senate to become the Trump administration’s first permanent Privacy Shield Ombudsperson at the State Department.  The role of the Privacy Shield Ombudsperson is to act as an additional redress avenue for all EU data subjects whose data is transferred from the EU or Switzerland to the U.S. under the EU-U.S. and the Swiss-U.S. Privacy Shield Framework, respectively.

As Ombudsperson, Krach will be responsible for dealing with complaints and requests from individuals in the EU and Switzerland, including in relation to U.S. national security access to data transmitted from the EU or Switzerland to the U.S.  The Ombudsperson works with other Government officials and independent oversight bodies to review and respond to requests.  Krach’s role as Ombudsperson forms part of his duties as the Under Secretary for Economic Growth, Energy and the Environment.  The Under Secretary is independent from the intelligence services and reports directly to the Secretary of State.

The formal approval of a permanent Privacy Shield Ombudsperson will be welcomed at EU level.  As we have previously reported, the European Data Protection Board praised the appointment of a permanent Ombudsperson in its January report regarding the second annual review of the Privacy Shield.  In addition, the Commission has emphasized that the Ombudsperson is “an important mechanism that ensures complaints concerning access to personal data by U.S. authorities are addressed.”  This appointment comes at a time when both the EU-U.S. Privacy Shield and the Standard Contractual Clauses are under scrutiny in the European courts.

Tags: Cross-Border Transfers, Data Transfer, Data Transfers, EU-U.S. Privacy Shield, European Commission, European Data Protection Board, Ombudsperson, Swiss-U.S. Privacy Shield
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Mark Young Mark Young

Mark Young is an experienced tech regulatory lawyer and a vice-chair of Covington’s Data Privacy and Cybersecurity Practice Group. He advises major global companies on their most challenging data privacy compliance matters and investigations. Mark also leads on EMEA cybersecurity matters at the…

Mark Young is an experienced tech regulatory lawyer and a vice-chair of Covington’s Data Privacy and Cybersecurity Practice Group. He advises major global companies on their most challenging data privacy compliance matters and investigations. Mark also leads on EMEA cybersecurity matters at the firm. In these contexts, he has worked closely with some of the world’s leading technology and life sciences companies and other multinationals.

Mark has been recognized for several years in Chambers UK as “a trusted adviser – practical, results-oriented and an expert in the field;” “fast, thorough and responsive;” “extremely pragmatic in advice on risk;” “provides thoughtful, strategic guidance and is a pleasure to work with;” has “great insight into the regulators;” and “is technologically sophisticated and advises on true issues of first impression, particularly in the field of AI.”

Drawing on over 20 years of experience, Mark specializes in:

Providing practical guidance and advising on potential exposure under GDPR and international data privacy laws in relation to innovative products and services.
Handling complex regulatory investigations and enforcement actions involving data privacy regulators in the UK, EU and globally, and advising on follow-on litigation risk.
Helping clients respond to cybersecurity incidents, including ransomware, supply chain incidents, state-sponsored attacks, insider threats, personal data breaches, and IP and trade secret theft.
Advising various clients on the EU NIS2 Directive, Cyber Resilience Act (CRA), and other emerging EU, UK, and global cybersecurity laws and regulations.
Advising life sciences companies on industry-specific data privacy issues, including clinical trials, pharmacovigilance, and digital health products and services.
Advising on data privacy compliance in relation to employees and international transfers of data in connection with white collar investigations.
Providing strategic advice and advocacy on a range of UK and EU technology law reform issues relating to data privacy, cybersecurity, eIDs, and software.
Representing clients in connection with references to the Court of Justice of the EU.

Read more about Mark YoungEmail
Show more Show less
Photo of Sam Jungyun Choi Sam Jungyun Choi

Recognized by Law.com International as a Rising Star (2023), Sam Jungyun Choi is an associate in the technology regulatory group in Brussels. She advises leading multinationals on European and UK data protection law and new regulations and policy relating to innovative technologies, such…

Recognized by Law.com International as a Rising Star (2023), Sam Jungyun Choi is an associate in the technology regulatory group in Brussels. She advises leading multinationals on European and UK data protection law and new regulations and policy relating to innovative technologies, such as AI, digital health, and autonomous vehicles.

Sam is an expert on the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act, having advised on these laws since they started to apply. In recent years, her work has evolved to include advising companies on new data and digital laws in the EU, including the AI Act, Data Act and the Digital Services Act.

Sam’s practice includes advising on regulatory, compliance and policy issues that affect leading companies in the technology, life sciences and gaming companies on laws relating to privacy and data protection, digital services and AI. She advises clients on designing of new products and services, preparing privacy documentation, and developing data and AI governance programs. She also advises clients on matters relating to children’s privacy and policy initiatives relating to online safety.

Read more about Sam Jungyun ChoiEmailSam Jungyun's Linkedin Profile
Show more Show less