The European Commission (EC) has formalised the adoption of the EU-US Privacy Shield, a new framework for transatlantic data transfers, placing greater obligations on US companies to protect European’s personal information.
The Privacy Shield replaces Safe Harbour, a similar agreement that was invalidated in October 2015 following a customer’s lawsuit against online social networking service Facebook. The complaint hinged on leaked documents by Edward Snowden, a former contractor of the US National Security Agency (NSA)—an incident that hinted at sharing of European’s private information with US intelligence agencies.
For Europeans, the new framework means greater transparency on transfer of personal information to the US and stronger protection of personal data. It also provides for an easier and cheaper redress possibilities in case of complaints.
As for American companies, it requires them to do annual self-certification that they abide by the requirements. They also have to display privacy policy on their websites, reply promptly to complaints, and cooperate and comply with European Data Protection Authorities.
Under the new framework, the US Commerce Department will have regular updates and reviews of companies to ensure compliance. Those found not following the rules will face sanctions and be removed from the list.
The Privacy Shield also gives assurance that access to information by public authorities is subject to limitations, safeguards and oversight mechanisms.
The new arrangement promotes effective protection of individual rights, providing citizens with various accessible and affordable resolution mechanisms. An annual joint review mechanism will also overseer how the Privacy Shield performs.
“We have now approved the new EU-US Privacy Shield which will protect the personal data of our people and provide clarity for businesses” said Andrus Ansip, vice-president for the Digital Single Market at the EC, in a news release.
“We’ve worked hard with all our partners in Europe and in the US to make sure this deal is right and to have it signed and sealed as soon as possible. Data flows between our two continents are essential to our society and economy, and we now have a robust framework in place ensuring these transfers occur in the best and safest conditions.”
Technology giants have been awaiting the adoption of the Privacy Shield as compliance enables them to gather and transfer European’s information without violating European’s data protection and privacy laws.
During the talks that ultimately led to the adoption of the new framework, many technology firms including Apple, Google and Microsoft said they lauded the new framework and were preparing to achieve compliance.
It, however, remains to be seen if the EU-US Privacy Shield will pass in the European Court of Justice. Privacy rights organisations have already expressed opposition against the new deal, saying its measures to safeguard European’s information from US intelligence agencies are not sufficient.
