On 12th July 2016 the European Commission officially announced that the European Union (the “EU”) members approve the EU-U.S. Agreement, known as the “Privacy Shield” (“the Agreement”). The Agreement is intended to protect transatlantic data transfers by providing greater defence to European citizens whose data is being transferred to American servers. The “Privacy Shield” will replace “Safe Harbour”, which has been regulating the transfer of data between EU and United States (the “U.S.”) companies since 2000.
After 2013 when revelations of mass spying by the U.S. intelligence agencies were held, in October 2014 the European Court of Justice decreed that the rights of European citizens are not completely observed.
A short time afterwards, on February 2, 2016 a political agreement on a new framework for transatlantic exchange of personal data for commercial purposes between the European Commission and the U.S. Government was concluded, whereupon the Commission released the draft adequacy decision on February 29, 2016. The final step of the formal adoption procedure includes the creation of several additional clarifications and improvements by the European Commission, which are based on the legal opinion of European data protection authorities and the resolution of the European Parliament, as well.
From legal point of view, as the experts state, within the relations between the EU and the U.S. this Agreement reflects the requirements set out by the European Court of Justice in its resolution as of October 6, 2015. According to this resolution, the old framework on the scope of privacy inviolability was cancelled. The “Privacy Shield” is an appropriate approach to overcome the divergences between the EU and U.S. operative legal regimes. The essential purpose of the Agreement is to enable a legal opportunity for European citizens to indict liability on the American institutions which monitor or tolerate leakage of personal data.
The European Commission Implementing Decision pursuant to Directive 95/46/EC of the European Parliament and of the European Council on the adequacy of the protection provided by the EU-U.S. “Privacy Shield” has been adopted and published in the Official Journal of the EU on July 12, 2016, and enters into force for the EU-members immediately. At the same time, the European Commission has published the Guide to the Agreement, explicating the available means of legal defence in case of misuse of personal data. As well as that, the full Privacy Shield Package has been published in the Federal Register. As of August 1, 2016 the “Privacy Shield” has entered into force both in the EU and the U.S. Once the companies had the necessary time at their disposal to examine the framework and to enter in compliance with its provisions, they are already able to be certified at the Ministry of Commerce, as from August 1, 2016 when the “Privacy Shield” entered into force both in the EU and the U.S. The implementation of the Agreement is entrusted to the US Department of Commerce.
We shall follow the topic closely and post updates on the enforcement and further development in the area of data protection through the newly adopted Agreement.
The article above is intended for information purposes only by drawing your attention to the newest Agreement on the protection of EU and U.S. citizens’ personal data. It should not be construed as (binding) legal advice. For a thorough understanding of the subjects covered and prior acting on any issue discussed we kindly recommend Readers consult BWSP Ilieva, Voutcheva & Co. Law Firm Data Protection team.
Please feel free to contact us for more detailed information on the subject matter.