European Commission launches EU-U.S. Privacy Shield


Finally, the European Commission launches the EU-U.S. Privacy Shield, which has gone through a lengthy process to replace Safe Harbour.

What was Privacy Shield again?

Privacy Shield is supposed to put transatlantic exchanges of personal data for commercial purposes from Europe to the US on a new legal framework (and therefore replace the former framework, Safe Harbour). These are its main characteristics:

  • Strong obligations on companies handling data
  • Clear safeguards and transparency obligations on U.S. government access
  • Effective protection of individual rights
  • Annual joint review mechanism
  • Read more details about these characteristics in the coverage about the launch of Privacy Shield.

Or, for anyone interested, EU Justice has just released a new site with more information regarding the mechanism.

What happens next?

The European Commission outlines the next steps as follows:

The “adequacy decision” will enter into force immediately. On the U.S. side, the Privacy Shield framework will be published in the Federal Register, the equivalent to the EU’s Official Journal. The U.S. Department of Commerce will start operating the Privacy Shield. Once companies have had an opportunity to review the framework and update their compliance, companies will be able to certify with the Commerce Department starting August 1. In parallel, the Commission will publish a short guide for citizens explaining the available remedies in case an individual considers that their personal data has been used without taking into account the data protection rules.

Can I safely transfer data to the US now?

The goal for Privacy Shield is to establish a mechanism that makes sure you are allowed to safely transfer data to the US. Everything related to Privacy Shield is work in progress. There is widespread belief for instance, that Privacy Shield will itself only have a short shelf life. Now it’s time to wait for new guidance by any of the agencies involved. Check what your local data protection agency has to say regarding the matter.

Sharing is Awesome, Thank You! :)

Share this Blue 37 post with your friends
close-link