"Privacy Shield" Framework for Transatlantic Data Transfers Poised to Move Forward

W
WilmerHale

Contributor

WilmerHale provides legal representation across a comprehensive range of practice areas critical to the success of its clients. With a staunch commitment to public service, the firm is a leader in pro bono representation. WilmerHale is 1,000 lawyers strong with 12 offices in the United States, Europe and Asia.
After months of back and forth, an updated version of the EU-US Privacy Shield agreement originally announced in February is on the verge of being formally adopted on Tuesday, July 12, 2016.
United States Privacy

After months of back and forth, an updated version of the EU-US Privacy Shield agreement originally announced in February is on the verge of being formally adopted on Tuesday, July 12, 2016. While the final documents comprising the agreement are not yet public, a vote by the Article 31 committee, consisting of representatives from EU Member States, approved a final version of the agreement on Friday. According to a joint statement from Andrus Ansip, Vice President for the Digital Single Market on the European Commission, and Věra Jourová, European Commissioner for Justice, Consumers and Gender Equality, the new Privacy Shield is "fundamentally different" from the invalidated Safe Harbor agreement and will impose "clear and strong obligations" on industry and better enforcement mechanisms.

As we have discussed, the updated version of the Privacy Shield establishes stronger obligations on companies handing Europeans' personal data and robust enforcement, new safeguards and transparency around mass surveillance, and new redress mechanisms for EU citizens. Both the Article 29 Working Party and the European Data Protection Supervisor were critical after the framework's initial unveiling in late February. The European Commission and US Department of Commerce worked to respond to this criticism by strengthening the Privacy Shield in the following ways:

  • providing stronger rules around US mass surveillance and government access to European data;
  • strengthening the independence of the US ombudsperson who is charged with adjudicating and responding to complaints from EU citizens; and
  • further clarifying transfers of EU citizens' data to other companies.

In light of recent actions by the Irish Data Protection Authority to seek clarification from the European Court of Justice as to the validity of EU model contract clauses, the need for a functional and practical framework for transatlantic data flows is immediate. Privacy Shield will be a positive step forward in that respect. 

Although the European Commission described the Article 31 vote as a "strong sign of confidence" in Privacy Shield, four EU member states abstained from the final vote, and a court challenge to it is likely. The ultimate fate of the Privacy Shield will likely be determined by the European Court of Justice. In the meantime, the Article 29 Working Party has already announced that it plans to conduct a coordinated analysis of the framework after final approval next week.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More