One Step Closer: Draft Text Of EU-U.S. Privacy Shield Released Yesterday

Author:Mr Theodore F. Claypoole and Orla M. O'Hannaidh
Profession:Womble Carlyle

The U.S. and EU are one step closer to implementing the new EU-U.S. Privacy Shield. The European Commission and U.S. Department of Commerce yesterday announced the release of the legal texts that will put in place the EU-U.S. Privacy Shield, a new framework of rules governing transatlantic data flow.

The Privacy Shield replaces an earlier Safe Harbor mechanism, struck down by the European Court of Justice last October, saying that it did not adequately protect their citizens' privacy rights. Nearly 5,000 U.S. companies relied on the 15 year-old Safe Harbor mechanism to collect and transfer data of EU individuals into the U.S. Since the invalidation of the Safe Harbor, U.S. companies have been eagerly awaiting word of a new legal framework to govern transatlantic data transfers and to ease concerns that companies may face enforcement actions by individual EU countries.

This announcement is another sign that the Obama Administration is serious about allaying European concerns about data privacy in the U.S. Last week, the U.S. adopted into law the Judicial Redress Act, which grants EU citizens the right to enforce data protection rights in U.S. courts.

The Privacy Shield, which includes Privacy Shield Principles, is designed to offer EU individuals stronger privacy monitoring and enforcement, easier redress for concerns and includes written commitments by the U.S. government on the enforcement of the arrangement.

Yesterday, in addition to the release of the legal texts, the European Commission also made public a draft "adequacy decision" establishing that the Privacy Shield safeguards are equivalent to data protection standards in the EU.

Some of the key components of the Privacy Shield include:

Strict and transparent supervision on U.S. companies to safeguard personal data of European customers and business partners. The Privacy Shield calls for sanctions for companies that fail to protect this data or exclusions if they do not comply. Strengthening protection of personal data that is transferred from a Privacy...

To continue reading