The Privacy Shield
In early February it was announced that the EU Commission and the US Authorities had reached an agreement on the new regime for the protection of EU Citizens’ personal data in the USA. The new system, called the Privacy Shield, replaces the Safe Harbour system which was ruled invalid by the EU Court of Justice in October 2015.
On 29 February the European Commission issued the legal texts for the new regime. The Privacy Shield imposes stronger obligations on US companies to protect personal data relating to EU Citizens and requires the US to monitor and enforce more robustly and to cooperate with the European Data Protection Authorities.
The new arrangement includes:
- written commitments and assurance by the US that the ability of public authorities to access personal data transferred under the Privacy Shield will be subject to clear conditions, limitations and oversight and general access will not be permitted;
- provision for an Ombudsperson within the Department of State to offer a redress possibility for Europeans in the area of national intelligence. The Ombudsperson will be independent of the national security services and will follow up complaints from individuals;
- Complaints must resolved within 45 days and a free of charge alternative Dispute Resolution Procedure will be available. EU Citizens will also be able to seek help via their own national data protection authorities and if a case cannot be resolved there will be an enforceable arbitration mechanism;
- US companies will register on the Privacy Shield list and self-certify that they meet the requirements on an annual basis. Such companies’ privacy policies will be monitored and actively verified by the US Department of Commerce.
The Privacy Shield will not come into effect until the EU Commission issues an adequacy decision to the effect that the Commission is satisfied the principles that companies registered with the Privacy Shield have to abide by offer an adequate level of protection of personal data. We will keep you updated as the new regime takes shape and comes into effect but in the meantime, if you would like advice about data protection then talk to Tollers on 01908 396 230 and ask to speak to Liz Appleyard in our Commercial Law team.