Breaking News: US-EU Announce New Data Transfer Framework, the “EU-US Privacy Shield”
Posted: February 02, 2016
As announced on February 2, the European Commission and the United States reached an agreement on a new framework that will regulate cross-border data transfers. The new scheme – the EU-US Privacy Shield – is the result of intensive negotiations over the past few years. These negotiations took on an even higher level of urgency following the European Court of Justice’s court ruling in October 2015 that invalidated the long-standing EU-US Safe Harbor framework. It’s important to note that this agreement is not yet legally binding. Negotiations largely focused on reform of surveillance activities conducted by the US. In particular, the US committed to conducting public surveillance for law enforcement and national security purposes on European citizens in accordance with clear guidelines and oversight. Concerned Europeans will also have a formalized complaint mechanism. Commissioner Jourová remarked in her statements that this was a “unique step the US has made to restore trust in our transatlantic relations.” The European Commission’s press release outlined several elements that comprise the new framework:
- Strong and robust obligations on how US companies must process personal data and guarantee individual rights. Enforcement will continue to be overseen by the Federal Trade Commission (FTC).
- Clear safeguards and transparency obligations in relation to US government access for law enforcement and national security. The European Commission and US Department of Commerce will conduct an annual joint review of these activities.
- Effective protection of EU citizens’ rights with additional redress possibilities including requirements and deadlines for companies to respond to complaints. European Data Protection Authorities (DPAs) may refer complaints to the Department of Commerce and FTC.