EU: Safe Harbor is now the EU-US Privacy Shield

Today the European Commission and the United States presented an agreement called EU-US Privacy Shield that follows the Safe Harbor Agreement after the European Court of Justice declared on October 6, 2015 that the Commission’s decision on the Safe Harbor agreement was invalid. This is a big relief for European companies and US data processors, but there is still work to be done.

The new agreement will put some additional load on U.S. companies importing data from the EU that certainly needs preparation. Just signing an agreement wasn´t enough for Safe Harbor; it required the daily practice of its data protection principles. With the new EU-US Privacy Shield, US companies really have to show the adequacy of their data processing. The new Privacy Shield adds and enforces additional obligations on how personal data is processed and individual rights are guaranteed in the US.

Any European citizen who considers that their data has been misused under the new agreement will have several redress possibilities that have to be addressed by US data importers. Companies have to reply to complaints within a deadline. European DPAs can refer complaints to the U.S. Department of Commerce and the Federal Trade Commission (FTC). In addition, alternative dispute resolution (such as that provided by 2B Advice) has to be provided free of charge. For complaints on possible access by national intelligence authorities, a new Ombudsperson will be created.

The new agreement picks up the criticisms about Safe Harbor and asks for stronger obligations of companies in the U.S. to protect personal data of Europeans and enforcement by the Department of Commerce and the FTC. It also addresses the court's concerns regarding the prevention of generalized access by public U.S. authorities. "[Now] businesses, especially the smallest ones, have the legal certainty they need to develop activities across the Atlantic," said EU Vice President Ansip. Commissioner Jourová added, "For the first time ever, the United States has given the EU binding assurances that access of public authorities for national security purposes will be subject to clear limitations, safeguards and oversight mechanisms." She continued, "The US has assured that it does not conduct mass or indiscriminate surveillance of Europeans."

While the Commission prepares the formal "Adequacy" decision and the US puts in place the new framework, monitoring mechanisms and new Ombudsman companies that want to process data under the EU-US Privacy Shield should use the time to prepare for the new framework if they want to take advantage of it. To do so, a good understanding of the EU Privacy and the EU-US Privacy Shield regulation is necessary. 2B Advice provides European Privacy Expertise in the US and is ready to help.

Further information:

Photo: © maxsim - Fotolia

Rating: 5 (2)

© 2012 - 2019 |  2B Advice LLC - the privacy benchmark
65 Broadway, 7th Floor | New York | NY | 10006 | Phone: +1 (800) 717-1278 | Fax: +1 (212) 898 1248 | Email: newyork@2b-advice.comThe pages do not contain any legal advice | No responsibility for the accuracy of the information. Please also notice: Privacy Notice | Legals
2B Advice GmbH Italy
2B Advice GmbH Germany | 2B Advice s.r.o. Slovakia
United States of America | Slovakia | Germany | New York | San Diego | Bonn | Berlin | Munich | Brezno