UPDATE: New Details on EU-U.S. Privacy Shield Revealed
Written 3/1/2016 by Maribeth Minella, EVP & Corporate Counsel, World Travel, Inc.
Yesterday was historic day indeed. It was Leap Day. The European Commission (EC) and U.S. Department of Commerce each issued text detailing the EU-U.S. Privacy Shield. As you may recall, in 2015 the EC essentially nixed the EU-U.S. Safe Harbor Framework because as a whole it did not, in the Commission’s opinion, adequately protect personal data (namely from government surveillance and similar activities). The new framework – the EU-U.S. Privacy Shield – replaces Safe Harbor and will allow the free, but very protected, flow of information across the Atlantic. This is very good news for businesses on both sides of “the Pond.”
Much like how the Safe Harbor Framework was intended, the EU-U.S. Privacy Shield rests on ensuring that the transfer of data from the EU to the U.S. meets European standards. According to a press release issued by the EU yesterday, the Privacy Shield’s new rules can be categorized into for groups: (i) strong obligations on companies and robust enforcement, (ii) clear limits and safeguards with respect to U.S. government access, (iii) effective protection of EU individuals’ privacy rights with several redress possibilities, and (iv) an annual joint review mechanism. More information about the Privacy Shield’s details can be found at U.S. Dept of Commerce Reveals Privacy Shield and EC Unveils EU-U.S Privacy Shield.
Original post from 2/2/2016:
This Just In:
The EU Commission and the United States have agreed upon a new framework for transatlantic data flow: the EU-US Privacy Shield. The EU-U.S. Privacy Shield reflects the requirements sent out by the European Court of Justice in the Schrems decision, which opinion declared the U.S.-EU Safe Harbor Framework invalid. Under the new requirements, companies in the U.S. will likely need to provide stronger obligations to protect the personal data of citizens of EU Member States, along with stronger monitoring and enforcement by the U.S. Department of Commerce and Federal Trade Commission. Over the next few weeks, the EU Commission and the U.S. Government will work together to publish an “adequacy decision,” which should set forth the EU-U.S. Privacy Shield’s details. Experts expect the details will require U.S. companies to certify that they comply with the new regulations, much like how they had to certify compliance with the Safe Harbor Framework.
To better understand the Schrems Opinion and its aftermath, read our November blog posting by World Travel, Inc.’s Corporate Counsel, Maribeth Minella.