The European Commission adopted the EU-US Privacy Shield on July 12, 2016.
What are the facts?
The European Commission and the U.S. Department reached an agreement on the EU-U.S. Privacy Shield, a new framework for transatlantic exchanges of personal data for commercial purposes. This new framework will protect the fundamental rights of individuals where their data is transferred to the United States and ensure legal certainty for businesses.
For the first time, the US has given the EU written assurance, to be published in the federal register, that the access of public authorities for law enforcement and national security purposes will be subject to clear limitations, safeguards and oversight mechanisms. The US explicitly assures that there is no indiscriminate or mass surveillance. To regularly monitor the functioning of the arrangement and the commitments made, there will be an annual joint review, the European Commission and the US Department of Commerce will conduct regular reviews.
Following the new arrangement companies in the U.S.A. who register for the EU-U.S. Privacy Shield will be bound to tighter conditions for onward transfers to third parties. In addition, the US Department of Commerce and the Federal Trade Commission (FTC) have committed to stronger oversight and to stronger cooperation with the European Data Protection Authorities. Every individual whose data is transferred to the U.S. will have the possibility for redress, which will be handled by an Ombudsperson to ensure that complaints by individuals are investigated and resolved.
What is new?
- Registration of U.S. American companies with the US Department of Commerce (listing of current Privacy Shield members) and self-certification.
- Stronger obligations on companies who process data (obligation to provide the "same level of protection" for the transfer of data and limitation of bulk collection of data)
- The US Department of Commerce will monitoring and review regularly, if the registered companies fulfill the required data protection policies.
- Limitations and safeguards with respect to U.S. government access (especially the use of indiscriminate mass surveillance by the U.S. is ruled out)
- Effective protection of European's rights by complaints, alternative dispute resolution, and ombudsman.
- You are looking for a new data protection solution for your business relationships?
- You want to make use of the EU-U.S. Privacy Shield for your data protection concept?
- You want to benefit from the advantages of the EU-U.S. Privacy Shield, but you are not sure about the exact implications?
We answer your questions on the EU-U.S. Privacy Shield!