In June, the European Data Protection Supervisor Giovanni Buttarelli stated that there was more work to be done on the EU-U.S. Privacy Shield. As of July 12 that work has concluded: The European Commission has adopted the Privacy Shield.
In its press release, the European Commission boasts that the new framework offers stronger protection for transatlantic data flows while also providing greater clarity for businesses. The Commission also laid out the principles that are at the heart of the new Privacy Shield:
– Strong obligations on companies handling data
– Clear safeguards and transparency obligations on U.S. government access
– Effective protection of individual rights
– Annual joint review mechanism
What does Max Schrems, who filed the data privacy case against Facebook that ultimately brought down Safe Harbor, think of the new framework? According to Reuters, he said it was “little more than a little upgrade to Safe Harbor.” He has no plans to challenge it in court, though Reuters notes that others most likely will for not doing enough to protect Europeans’ data.
EU data protection authorities, which said back in April that the Privacy Shield wasn’t strong enough, will establish their position on July 25.
Now that the Privacy Shield is in force immediately, it will be published in the Office Journal in Europe and the Federal Register in the United States. From the European Commission:
The U.S. Department of Commerce will start operating the Privacy Shield. Once companies have had an opportunity to review the framework and update their compliance, companies will be able to certify with the Commerce Department starting August 1.
The European Commission offers an excellent infographic on the new framework here, including key points on what it means in practice for American companies:
– Self-certify annually that they meet the requirements.
– Reply promptly to any complaints.
– (If handling human resources data) Cooperate and comply with European Data Protection Authorities.
LLM will continue to blog on the newly adopted Privacy Shield as updates arise.