On February 3, 2016, Article 29 Working Party (WP29) met to discuss the consequences of the European Court of Justice’s ruling of October 6, 2015, which declared the old Safe Harbor framework invalid (see here for more information).
WP29 welcomed the recent EU-U.S. announcement that the “Privacy Shield” will substitute the old “Safe Harbour” (see here). However, it recalled that international data transfers will have to be evaluated on a case-by-case basis until it is assessed that EU data subjects’ rights are safeguarded by the new agreement. WP29
“looks forward to receive the relevant documents in order to know precisely the content and the legal bindingness of the arrangement and to assess whether it can answer the wider concerns raised by Schrems judgment as regards international transfers of personal data”.
With regard to the content of the Privacy Shield, WP29 highlighted the necessity that transnational transfers of personal data undergo the following four guarantees:
- processing should be based on clear and accessible rules. Data subjects shall be able to foresee what might happen to transferred data;
- necessity and proportionality with pursued objectives need to be demonstrated: “a balance needs to be found between the objective for which the data are collected and accessed (generally national security) and the rights of the individual”;
- an independent oversight mechanism should exist;
- effective remedies need to be available to data subjects.
For more information, Francesca Giannoni-Crystal