Thursday, March 10, 2016

United States: Privacy Shield Takes Another Step Forward

Roughly three weeks ago EU and U.S. negotiators announced that they had reached agreement on a replacement for the Safe Harbor mechanism for compliance with European regulations on transfers of personal information to the United States. More than 4,000 U.S. businesses were reliant on Safe Harbor to allow them to receive data from Europe on EU-based customers and employees when, in October 2015, it was invalidated by the EU Court of Justice, creating great risk for the businesses that had relied on it. As we reported here, representatives of the U.S. and the EU had already missed the deadline set by European privacy regulators to satisfactorily replace Safe Harbor or see the flow of data to the U.S. cease when a deal was struck even as the deadline in fact passed. The trouble with the February agreement was that the negotiators had nothing to show the regulators beyond an outline of the principles underpinning the deal.

The European regulators' body, known as the Article 29 Working Party ("Working Party"), with which the European Commission ("Commission") must consult on data protection matters, adopted a "wait and see" attitude after the Privacy Shield announcement. However, to avoid a data flow interruption, the Working Party gave U.S. and EU officials an end of February deadline to disclose the details of the Privacy Shield for its review.

On the last day of February, just within the deadline set by the Working Party, the European Commission released the details of the Privacy   Shield agreement announced four weeks earlier. Accompanying that text was a draft decision of the Commission declaring that the Privacy Shield will provide adequate protection to the privacy rights of EU citizens whose private information will be transferred to the U.S. under its terms. A decision with respect to the adequacy of a data protection mechanism by the Commission is a predicate under the Data Protection Directive to the lawful transfer of personal data outside the EU. 

By Scott J. Wenner
Schnader Harrison Segal & Lewis LLP

read full article at Mondaq


No comments:

Post a Comment

Hi and thank you for your interest in sharing your view.

Please be aware that your message should follow the rules of creative criticism and knowledge/ideas sharing. No defamatory, insulting, hideous, hateful, inapropriate language or targeted messages would be posted.No trademark or IP violation will be allowed nor the promotion of any commercial services or products. Of course anything that can violate others' privacy is not allowed as well.

Last, but not least, mind that it is better to have a discussion than angry monologues.

That is all. Comments welcome!