On February 2, 2016, the EU Commission and the U.S. government approved the EU-U.S. “Privacy Shield”. This new framework reflects the requirements set out by the European Court of Justice in its ruling of October 6, 2015, which declared the old Safe Harbor framework invalid (see here for more information).
The new Privacy Shield will include the following arrangements:
- stronger obligations on U.S. companies to protect the personal data of Europeans. “U.S. companies wishing to import personal data from Europe will need to commit to robust obligations on how personal data is processed and individual rights are guaranteed”;
- stronger monitoring and enforcement by the U.S. Department of Commerce and Federal Trade Commission (FTC). The Department of Commerce will monitor that companies publish their commitments, which makes them enforceable by the FTC. In addition, companies handling European personal data will need to comply with European DPAs’ decisions;
- clearer safeguards and transparency on U.S. government’s access. Access to personal data will be subject to clear conditions. Generalized access will be prevented;
- more redress possibilities to protect EU citizens’ rights. Europeans will have the right to raise inquiries and complaints with the Department of Commerce and the FTC. Alternative Dispute resolution will be free of charge. Europeans will have a dedicated new Ombudsperson for complaints.
The EU Commission mandated Vice-President Ansip and Commissioner Jourová to draft an “adequacy decision” to be adopted by the College after obtaining the advice of the Article 29 Working Party and after consulting a committee composed of representatives of the Member States. The “adequacy decision” draft should be ready in the coming weeks. Jourová estimated that the whole process could take roughly three months. Meanwhile, the U.S. will make the necessary preparations to put in place the new framework, monitoring mechanisms and new Ombudsman.
In the meantime, controllers transferring data internationally will continue to need a detailed plan for those data flows. Some guidance on how to do that is available here.
A video of the press conference on EU-US data protection negotiations (ex-Safe Harbour) is available at http://ec.europa.eu…
The statement from U.S. Secretary of Commerce Penny Pritzker on EU-U.S. Privacy Shield is available at https://www.commerce.gov…
For more information, Francesca Giannoni-Crystal