Privacy Shield data transfer deal formally approved by EU and US

Deal will underpin over $250bn in transatlantic trade in digital services

The European Commission has formally signed off on the EU-US Privacy Shield data transfer pact as providing a standard of protection for the personal data of EU citizens equivalent to that provided in member states.
The European Commission has formally signed off on the EU-US Privacy Shield data transfer pact as providing a standard of protection for the personal data of EU citizens equivalent to that provided in member states.

The new Privacy Shield rules covering data transfers from the EU to the United States were formally approved on Tuesday, eight months after the old Safe Harbour arrangement was struck down by the European Court of Justice.

Over $250 billion dollars of transatlantic trade in digital services annually will be underpinned by the new arrangement.

Announcing the formal sign-off of the agreement, the EU and US said it imposed stricter obligations on US companies to safeguard the personal data of individuals, from health matters through to social media activities.

The US government has given assurances that any access on national security grounds by public authorities to personal data transferred under the new arrangements will be subject to “clear conditions, limitations, oversight and preventing generalised access”.

READ MORE

The two sides said the deal includes stronger monitoring and enforcement by the US department of commerce and federal trade commission, including increased cooperation with European authorities.

Under the terms of the new deal, there will be an annual joint review of Privacy Shield, while those who think their data has been misused have a route for complaint.

A new ombudsman based at the US state department will be appointed to follow up on European complaints.

At a joint launch in Brussels, Vera Jourová, Commissioner for Justice, Consumers and Gender Equality said: "The EU-US Privacy Shield is a robust new system to protect the personal data of Europeans and ensure legal certainty for businesses. It brings stronger data protection standards that are better enforced, safeguards on government access, and easier redress for individuals in case of complaints.

"The new framework will restore the trust of consumers when their data is transferred across the Atlantic. We have worked together with the European data protection authorities, the European Parliament, the Member States and our US counterparts to put in place an arrangement with the highest standards to protect Europeans' personal data."

US commerce secretary Penny Pritzker said it was "a milestone for privacy at a time when the sharing of data is driving growth in every sector, from advanced manufacturing to advertising".

However the framework also faces criticism from privacy advocates for not going far enough in protecting Europeans’ data and is widely expected to be challenged in court.

Max Schrems, the Austrian law student whose case against the Irish Data Protection Commissioner for refusing to investigate a complaint against Facebook ultimately resulted in the striking down of Safe Harbour by the Court of Justice of the European Union, said Privacy Shield was "little more than a little upgrade to Safe Harbour".

He added that he did not have plans to challenge it himself for the time being.

The independent body of EU data protection authorities, the Article 29 Working Party, which had demanded improvements to the draft deal announced in April, said it was analysing the framework and would finalise a position by July 25th.

Companies will be allowed to start the self-certification process for Privacy Shield from August 1st.

Additional reporting: Reuters/AP