The European Commission has released the legal texts of the EU-U.S. Privacy Shield. The EU-U.S Privacy shield replaces the safe harbour arrangement that was declared invalid by the European Court of Justice in October 2015. The replacement of the safe harbour arrangement – the EU-U.S. Privacy Shield – requires U.S. authorities to provide strong commitments so that the Privacy Shield will be strictly enforced and assured there is no indiscriminate or mass surveillance by national security authorities.
EU-U.S Privacy Shield
The European Commission claims in a fact sheet that the “EU-U.S. Privacy Shield imposes stronger obligations on U.S. companies to protect Europeans’ personal data. It reflects the requirements of the European Court of Justice, which ruled the previous Safe Harbour framework invalid. The Privacy Shield requires the U.S. to monitor and enforce more robustly, and cooperate more with European Data Protection Authorities”.
Privacy complaints have to be resolved by companies within 45 days. A free of charge alternative dispute resolution mechanism will be establish to deal with privacy complaints. EU citizens can also go to their national Data Protection Authorities (DPAs), who will work with the US Federal Trade Commission to ensure that unresolved complaints by EU citizens are investigated and resolved. If a case is not resolved by any of the other means, as a last resort there will be an arbitration mechanism ensuring an enforceable remedy. Moreover, companies can commit to comply with advice from European DPAs. This is obligatory for companies handling human resource data.
The European Commission has also simultaneously released the finalised reform of EU Data protection rules, which will apply to all companies that provide goods or services in the EU market. It will come into force in 2018.
Update 14 April 2016 : The Article 29 Working Group has raised serious concerns about the EU-U.S Privacy Shield.