Shortly after the period of grace for transatlantic data transfer for companies expired EU-commission and US-government decided on a renewed data protection agreement. Safe Harbor is now called Privacy Shield.
On the afternoon of February 2nd 2016 the EU-commission announced via Twitter the successful end of months of struggle for an agreement on data transfer from Europe to the USA. EU-commission and US-government agreed on a successor to Safe Harbor which had been declared invalid in October 2015: Safe Harbor will now be followed by Privacy Shield.
EU-US agreement on new framework for transatlantic data flows: https://t.co/cveqeEJU8R | #PrivacyShield pic.twitter.com/bry6orqRae
— European Commission (@EU_Commission) 2. Februar 2016
Privacy Shield – key points
- US-companies that want to import data from Europe will be supervised more strongly by the US Department of Commerce überprüft, if they follow the judicial standards. The companies will have to officially pledge to these standards and will be triable in front of the Federal Trade Commission (US FTC).
- Transparent regulations on surveillance by US-gorvernment: The United States will announce for the first time in writing, that there are precise limits, mechanisms and safeguards, which will disallow the unrestricted control by the US-gowvernment (NSA).
- Clear complaint process Beschwerdeweg: EU citizens will complain in first instance to the US-company itself, if they think that their data was transferred illegally to the USA. The companies have a defined deadline within which they have to react to this complaint. In case this deadline expires citizens can adress the data protection agency of their respective home country which then will get in touch with the US-trade commission FTC and confer about the complaint. If these talks don’t come to a decision, a newly appointed ombudsperson in the US foreign ministry will make a ruling.
Privacy Shield – next steps
- Andrus Ansip, vice president of the EU commission, and European Union’s Commissioner for Justice Věra Jourová will prepare a final draft of Privacy Shield, which has to be supported by European data protection officers and the states of the EU itself.
- The USA will appoint an ombudsperson with in the US-foreign ministry and will get ready to implement Privacy Shield and the control mechanism it includes.
The agreement on Privacy Shield brought forth supporters as well as critical point of views, that think that the Safe Harbor follow-up is not going far enough in terms of data protection.
Jan Philipp Albrecht, member of the European Parliament and one of the speakers at European Data Protection Days 2016 emphasized that this agreement is not a signed deal.
Listen carefully: @EU_Commission and US side will need ‘some’ weeks to get this into concrete legal wording. This is no ‘deal’! #safeharbor
— Jan Philipp Albrecht (@JanAlbrecht) February 2, 2016
Data privacy activist Maximilian Schrems as well thinks that a lot of issues have not been clarified.
STATEMENT on #PrivacyShield / (#SafeHarbor 1.1)
“European Commission may be issuing a round-trip to Luxembourg”
PDF: https://t.co/l9fxBp1T7b— Max Schrems (@maxschrems) 2. Februar 2016
You can read the complete press release by the EU commission on Privacy Shield here.
Privacy Shield @ EDPD16
Following this ground breaking decision Privacy Shield will of course play a key role in key notes, speeches, and discussions of the European Data Protection Days (#EDPD16) in April in Berlin.