During the press conference, which took place on February 2nd, 2016 r., The European Commission announced the establishment of an agreement referred to as the “EU – US Privacy Shield”, which aims at imposing new, strengthened obligations on American entrepreneurs for transmitting personal data of European Union citizens to the United States.
Privacy Shield instead of Safe Harbour
The “Privacy Shield” is to replace the Commission’s decision regarding the “Safe Harbour”, which was annulled by the European Court of Justice ruling of 6th October 2015 (C-362/14) – as we have already shared on the blog. Until that time, the personal data of EU citizens had been transmitted to the United States based on, among others, the abovementioned decision, in accordance with which the American entrepreneurs belonging to the “Safe Harbour” were recognized as entities that meet the appropriate level of protection of personal data. Since its annulment, data administrators can not transfer the data to the US, as it was before. The above has been recently confirmed by the Inspector General for Personal Data Protection, who, at the same time, pointed out that:
In particular, for such transfers it is still possible to use standard contractual clauses and binding corporate rules approved by the Inspector General.
The new solution for the protection of personal data of Europeans in the United States is only in the design phase. Press reports and current messages from the European Commission show, however, that the new system will be focused primarily on the following issues:
The above demonstrates more responsibilities imposed on US companies in terms of personal data protection. The observance of the provisions of the new agreement will be supervised, among others, by the Department of Commerce and the US Federal Trade Commission (FTC). Moreover, the “privacy shield” is to also regulate the issues of special services access to the personal data of Europeans, and to appoint a special ombudsman who will be responsible for supervising and protecting their data against unauthorized access by law enforcement offices and security agencies.
Political agreement for starters
The previous solution of the “privacy shield” is a political agreement and is not legally binding. The exact provisions of the program will be known only after the European Commission issues a formal decision. By design, they are supposed to meet the requirements specified in the European Court of Justice’s ruling which annulled the previous “Safe Harbour” decision. Is that going to happen? Time will tell…
Will the defenders of personal data protection and the right to privacy of Europeans win the battle with American corporations? Will this battle be won? There are two possibilities… EU citizens will return with the shield or on the shield (of privacy)…