The US and the EU have announced they have come to a conclusion and agreed a new deal on personal data transfers between the two continents, the EU-US Privacy Shield.
The new agreement, which will replace the previous data transfer mechanism called ‘safe harbour’, is expected to provide better protection for the Europeans and their businesses whose data is being transferred to the US and processed by the American data centres. The move is expected to make a difference for both tech giants as well as smaller companies.
In 2015 the European Court of Justice ruled that the prior regulations called ‘safe harbour’ were no longer valid. The prior regulations were also a subject to strong criticism as they granted the US intelligence services the robust access to data.
Therefore the new agreement has been designed to improve and ensure the security and strengthen the obligations on the US to maintain the enhanced protection for the Europeans and their data. This comes with some new requirements and regulations that the American companies will need to follow under the supervision of the US Department of Commerce and the Federal Trade Commission.
In particular, the American companies that deal and import the European personal data will have to follow the new guidelines on how the date is processed while the businesses dealing with human resources data will be obliged additionally to comply with decisions by European Data Protection Authority (DPAs)
Secondly, the US will also create the role of a special ‘Ombudsperson’ who will deal with the complaints made by European individuals regarding the possible access to their data by national intelligence authorities. What’s more, the US has given for the first time the EU written assurances that the access of public authorities for law enforcement and national security will be subject to clear limitations and ruled out mass surveillance on the personal data transferred from Europe as a part of a new agreement. Both sides have also agreed to hold an annual joint review to monitor the situation.
“I have been very clear from the start: we want to be sure that when Europeans personal data is sent to the US, the data continues to be protected. Secure and open exchange of data is very important in our digital world. We have agreed with our US partners a new framework that will ensure the right checks and balances for our citizens. Commissioner Jourova Vera and her team have negotiated a mechanism which is robust and offers significant improvements compared to the previous scheme,” says Andrus Ansip, European Commission Vice President, in charge of the Digital Single Market.