EU and US concluded their negotiations on a strengthened mechanism for transatlantic data transfers called the EU-US Privacy Shield. The American Chambers applaud U.S. and EU officials for reaching a revised U.S.-EU data transfer agreement protecting the ability of companies to move data across the Atlantic while providing a high standard of data protection for citizens.
Key features
– The new framework will be called ‘EU-US Privacy Shield’
– Three main achievements:
o Binding assurances that there are limitations and safeguards on US access to European citizens’ data – no indiscriminate mass surveillance
o Creation of an Ombudsperson within the State Department
o Annual review jointly led by Commission and Department of Commerce with support of national security experts and European DPAs
– New process for seeking redress:
o Ideally, complaints resolved by company
o Then free of charge alternative dispute resolution with EU DPAs, who will work with FTC to ensure complaints are investigated and resolved within deadline
o Ombudsman is last resort arbitration mechanism
o The Commission will provide clear guidance to citizens to inform them how to seek legal remedy
– Companies will be regularly reviewed by Department of Commerce to ensure they follow the privacy rules. If they do not comply, they face sanctions and removal from the list
– Emphasised that this is a living mechanism which will fix problems as they arise
– The framework used the ECJ ruling as a benchmark and with the GDPR in mind. Jourova ‘pretty sure’ it will withstand legal challenge
Next steps
– Commissioner Jourova will personally present the detailed, technical information to the WP29 tomorrow morning
– Several weeks for Jourova and Ansip to prepare ‘adequacy decision’ to be adopted by College after consultation of WP29 and MS, and for US to prepare mechanisms on their side
– Commissioner Jourova estimated that the new framework will be in force in 3 months, with first annual review in 2017
For more information press the following links: