Earlier this month, the European Commission announced it had agreed with the United States to a new framework for addressing certain privacy concerns associated with transatlantic data flows. The new EU–US Privacy Shield includes provisions subjecting U.S. authorities' access to personal data transferred to clear conditions, limitations, and oversight and allowing Europeans to have the possibility to raise concerns to a new ombudsperson. These developments will have widespread implications, including for digital health companies working across national borders. The EU–US Privacy Shield follows an October 2015 ruling by the European Court of Justice, which had invalidated the European Commission's Safe Harbor Decision because it failed to provide an adequate level of protection to personal data transferred from the EU to the United States, as required by the EU Data Protection Directive 95/46/EC (see the Jones Day Alert for more information).
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.