On February 2, 2016, the European Commission (EC), United States (US) Department of Commerce, and the US Federal Trade Commission announced “political agreement” on a new privacy framework for protecting the personal data of individuals in EC member states when their data is transferred to, or accessed from, the US. The new framework, dubbed “Privacy Shield”, is intended to replace the prior “Safe Harbor” framework invalidated by the European Court of Justice in October, 2015 (for prior reporting on the invalidation of Safe Harbor in E-TIPS® newsletter, click here).
According to the EC announcement, Privacy Shield will include, among other things, “clear limitations, safeguards and oversight mechanisms” governing when US authorities can access the personal data of individuals from member states, and a new US ombudsperson dedicated to addressing complaints. Particulars are sparse at the moment.
Vice-President Ansip and Commissioner Jourová of the EC have been charged with preparing a draft proposal reflecting the framework agreed upon with the US for review by a committee of member state representatives (the Article 29 Working Party). The Article 29 Working Party has called on the EC to provide a detailed account of Privacy Shield for review no later than the end of February. A February 8, 2016 tweet from Jourová confirmed that a finalized text will be made available during the second half of February.
For news reports on Privacy Shield, follow these links: