European Commission launches EU-U.S. Privacy Shield: stronger protection for transatlantic data flows

Today the European Commission adopted the EU-U.S. Privacy Shield. This new framework protects the fundamental rights of anyone in the EU whose personal data is transferred to the United States, and brings legal clarity for businesses relying on transatlantic data transfers. Vice-President Ansip said: “We have worked hard with all our partners in Europe and in the US to get this deal right (…) Data flows between our two continents are essential to our society and economy – we now have a robust framework ensuring these transfers take place in the best and safest conditions”. Commissioner Jourová added: “The EU-U.S. Privacy Shield is a robust new system to protect the personal data of Europeans and ensure legal certainty for businesses. It brings stronger data protection standards that are better enforced, safeguards on government access, and easier redress for individuals in case of complaints”. The EU-U.S. Privacy Shield is based on the principles of strong obligations on companies handling the data; limitations and safeguards on any U.S. government access; and effective protection of individual rights. There will be an annual joint review mechanism which will monitor the functioning of the Privacy Shield, including the commitments and assurance regarding access to data for law enforcement and national security purposes. Once companies have had an opportunity to review the framework and update their compliance, companies will be able to certify with the Commerce Department as of 1 August. More information is available in the press release and Q&A. Re-watch the press point by Commissioner Jourová and U.S. Secretary of Commerce, Penny Pritzker here. Commissioner Jourová‘s remarks are available online.