The Privacy Shield Between the EU and the US

11/10/2016

The new agreement for personal data transfer between Europe and the United States – the "Privacy Shield", was formally approved by the European Commission this summer. The agreement was adopted after the European Court declared the previous agreement (known as "Safe Harbour") invalid in October 2015. The new agreement provides for:

  • New obligations for companies handling personal data: the US Department of Commerce will control the participating companies to ensure they comply with the rules, which they have accepted willingly. The companies will be subject to sanctions and will be removed from the list if they fail to comply;
  • New guarantees and obligations for transparency in relation to access to information by US public authorities: the US has undertaken to exclude indiscriminate mass surveillance of personal data, whereas the collection of datasets can be carried out only under certain conditions;
  • Mechanisms for protecting personal rights: every citizen who thought their data was abused would be able to use several mechanisms for resolving the dispute:
    • complain directly to the data processing company in question, which has to intervene in the appeal;
    • alternative dispute resolution;
    • turn to the national data protection authorities;
    • arbitration mechanism (provided as a final measure);
  • Mechanism for performing annual joint review: monitoring on the functioning of the "Privacy Shield", including the observation of the commitments and assurances regarding the access to data for law enforcement and national security purposes.

Authors

Picture of Maya Aleksandrova
Maya Aleksandrova
Senior Associate
Sofia