New "EU-US Privacy Shield" for the transfer of EU personal data to the US
- Jan Vanbeckevoort - Griet Verfaillie
- Privacy Shield , Safe Harbor , transfer , EU personal data , privacy , data protection , adequate level of protection , Schrems,
On 2 February 2016, the European Commission announced that a new agreement was reached with the US Department of Commerce that would allow for the transfer of personal data of EU citizens to the US.
In our earlier
analysis we discussed the legal consequences of the Schrems ruling of the European Court of
Justice on 6 October 2015, which declared the old EU-US Safe Harbor arrangement with regard to the
transfer of EU personal data to the US invalid.
This new “EU-US Privacy Shield” is intended to replace the “Safe Harbor Framework” and aims to answer to the wider concerns raised by the European Court of Justice on the lack of safeguards and adequate protection for the data of EU citizens in the US. Concerns that made businesses that transfer EU personal data to the US operate in a legal vacuum.
The new arrangement includes:
However, at this stage an official legal text is not yet available.
In the coming weeks negotiations will take place on the implementation of this political agreement into a Commission "adequacy decision". This will occur, in any event, after consulting and obtaining the advice of the Article 29 Working Party, an independent advisory body composed of representatives from all national privacy protection authorities in the EU, the European Data Protection Supervisor and the European Commission.
In principle implementation could follow by April 2016.
In the meantime, the alternative mechanisms for the transfer of EU personal data from the EU to the US, such as standard contractual clauses (SCC’s) and the binding corporate rules (BCR’s) can still be used.
An application of the old Safe Harbor Framework is not recommended.
To be continued...