EU and US Agree to Replace Safe Harbor Data Transfer Agreement with EU-US Privacy Shield

Privacy_Shield_Datenschutz-595x440

Written By ESR News Blog Editor Thomas Ahearn

The European Union (EU) Commission and the United States (US) have agreed on a new framework for data transfers called the EU-US Privacy Shield to replace the invalidated Safe Harbor pact, according to a European Commission press release (PDF). The deal creating a replacement for the 16-year-old Safe Harbor agreement comes two days after the original January 31, 2016 deadline for such an agreement had passed.

The EU-US Privacy Shield reflects the requirements set by the October 6, 2015 ruling by the European Court of Justice that declared the old Safe Harbor framework invalid. On October 16, 2015, privacy watchdog group Article 29 Working Party issued a statement calling on the US and EU to find a new solution by the end of January 2016 or else face possible “coordinated enforcement actions.”

The EU-US Privacy Shield places more obligations on U.S companies to protect the personal data of Europeans and stronger monitoring and enforcement by the U.S. Department of Commerce and Federal Trade Commission (FTC), including increased cooperation with European Data Protection Authorities (DPAs). The new framework replacing Safe Harbor will include the following elements:

  • Strong obligations on companies handling personal data of Europeans and robust enforcement: U.S. companies wishing to import personal data from Europe will need to commit to robust obligations on how personal data is processed and individual rights are guaranteed.
  • Clear safeguards and transparency obligations on U.S. government access: For the first time, the US has given the EU written assurances that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms.
  • Effective protection of EU citizens’ rights with several redress possibilities: Any citizen who considers that their data has been misused under the new arrangement will have several redress possibilities. Companies have deadlines to reply to complaints.

“We have agreed on a new strong framework on data flows with the US,” Vice-President for the Digital Single Market on the European Commission Andrus Ansip stated in the press release. “Today’s decision helps us build a Digital Single Market in the EU, a trusted and dynamic online environment; it further strengthens our close partnership with the US. We will work now to put it in place as soon as possible.”

“The new EU-US Privacy Shield will protect the fundamental rights of Europeans when their personal data is transferred to U.S. companies,” said EU Commissioner for Justice Věra Jourová. “For the first time ever, the United States has given the EU binding assurances that the access of public authorities for national security purposes will be subject to clear limitations, safeguards, and oversight mechanisms.”

The College of Commissioners, which approved the political agreement reached, has mandated that Vice-President Ansip and Commissioner Jourová to prepare the necessary steps to put in place the new arrangement to replace Safe Harbor. This new framework will protect the fundamental rights of Europeans where their data is transferred to the United States and ensure legal certainty for businesses.

Article 29 Working Party (WP29) issued a press release about the new EU-US Privacy Shield agreement: The WP29 calls on the Commission to communicate all documents pertaining to the new arrangement by the end of February. The WP29 will then be in position to complete its assessment for all personal data transfers to the U.S. at an extraordinary plenary meeting that will be organized in the coming weeks.

The U.S. Department of Commerce released a EU-US Privacy Shield Fact Sheet that lists the many ways the EU-US Privacy Shield “significantly improves commercial oversight and enhances privacy protections” and “demonstrates the U.S. Commitments to limitations and safeguards on national security.” EU individuals will have access to multiple avenues to resolve concerns at no cost to the individual.

“Beyond being essential to transatlantic commerce, the EU-U.S Privacy Shield also underscores the strength of the U.S.-EU relationship. It demonstrates our commitment to working together as leaders in the global economy, promoting our shared values, and bridging our differences where they exist,” U.S. Secretary of Commerce Penny Pritzker said in a statement about the EU-US Privacy Shield.

“Under the new agreement, the EU-U.S. Privacy Shield, the Federal Trade Commission will continue to prioritize enforcement of the framework as part of our broader commitment to protect consumers’ personal information and privacy. We will continue to work closely with our European partners to ensure consumer privacy is protected on both sides of the Atlantic,” FTC Chairwoman Edith Ramirez said in a statement on the agreement.

As reported earlier by ESR News, the ruling invalidating Safe Harbor stems from the case of Maximillian Schrems v. Data Protection Commissioner where an Austrian citizen lodged a privacy complaint about his data being transferred to servers in the U.S. for processing claiming that the U.S. did not offer sufficient protection against government surveillance due to revelations made by defector Edward Snowden.

“This is a critical step for employers that need to conduct international due diligence but the devil is in the details and firms that provide international screening services will need to closely follow and monitor the new rules,” said Attorney Lester Rosen, founder and CEO of Employment Screening Resources® (ESR), a global background check firm located in the San Francisco, California area.

ESR completed a SOC 2® Type 2 Data Security Audit that confirms the company meets high standards set by the American Institute of Certified Public Accountants (AICPA) for protecting the security, confidentiality, and privacy of consumer data used for background checks. For more information about ESR, call toll free 888.999.4474 or visit http://www.esrcheck.com.

NOTE: Employment Screening Resources (ESR) does not provide or offer legal services or legal advice of any kind or nature. Any information on this web site is for educational purposes only.

© 2016 Employment Screening Resources® (ESR) – Making copies or using of any part of the ESR News Blog or ESR website for any purpose other than your own personal use is prohibited unless written authorization is first obtained from ESR.