12 July 2016 - European Commission launches EU-U.S. Privacy Shield
The new EU-U.S. Privacy Shield is based on the following principles:
Strong obligations on companies handling data: under the new arrangement, the U.S. Department of Commerce will conduct regular updates and reviews of participating companies, to ensure that companies follow the rules they submitted themselves to. If companies do not comply in practice they face sanctions and removal from the list.
Clear safeguards and transparency obligations on U.S. government access: The US has given the EU assurance that the access of public authorities for law enforcement and national security is subject to clear limitations, safeguards and oversight mechanisms. Everyone in the EU will, also for the first time, benefit from redress mechanisms in this area.
Effective protection of individual rights: Any citizen who considers that their data has been misused under the Privacy Shield scheme will benefit from several dispute resolution mechanisms - the company itself; or free of charge Alternative Dispute resolution (ADR) solutions, the national Data Protection Authorities will work with the Federal Trade Commission to ensure that complaints by EU citizens are investigated and resolved.
Annual joint review mechanism: the mechanism will monitor the functioning of the Privacy Shield, including the commitments and assurance as regards access to data for law enforcement and national security purposes.
The "adequacy decision" will enter into force immediately. Once companies have had an opportunity to review the framework and update their compliance, companies will be able to certify with the Commerce Department starting August 1.
The EU-U.S. Privacy Shield is supposed to reflect the requirements set out by the European Court of Justice in its ruling on 6 October 2015, which declared the old Safe Harbour framework invalid.
For the Commission press release and further information click here