Privacy Shield – The New Safe Harbour Agreement?
Friday, 23 September 2016
On 12 July 2016, the European Commission adopted the EU-US Privacy Shield. The Privacy Shield will replace the old 'Safe Harbour' process of transferring personal data, which the European Court of Justice invalidated in October 2015, following a legal challenge from Maximilian Schrems. The Privacy Shield will govern the basis upon which personal data can be transferred between the EU and the US.
A prolonged period of negotiations between the EU and the US has been required to agree on a new framework. This framework protects the fundamental rights of anyone in the EU whose personal data is transferred to the United States and introduces legal clarity for businesses relying on transatlantic data transfers.
The EU-US Privacy Shield is based on the following principles:
- Strong obligations on companies handling data: Authorities will conduct regular reviews of participating companies to ensure compliance, and if they do not comply, they will face sanctions or exclusion.
- Government oversight: The US has given the EU assurances that access by public authorities for law enforcement and national security purposes is subject to clear limitations, safeguards and oversight mechanisms.
- Annual joint review: The European Commission and the US Department of Commerce will conduct an annual review with the aid of national intelligence experts from the US and European Data Protection Authorities.
- Effective protection of individual rights: Any citizen who considers that their data has been misused will benefit from several accessible dispute resolution mechanisms. A new Ombudsperson, who will be independent from the US intelligence community, will be available to deal with certain matters.
For further information on the Privacy Shield or for general advice, contact a member of our Technology Team.