Following the break down of the Safe Harbour Agreement last October (2015), it looked difficult for EU and US authorities to agree a new deal to ensure adequate safe guards for personal data transferred and processed in the US.
Despite both parties already being in talks prior to the EU Court Ruling against Safe Harbour, as January passed it looked like the opportunity had been lost.
However, on 3rd February 2016 a new Privacy Shield Agreement was announced.
New Data Safeguards
The new arrangements include a “special ombudsman” to be set up in the US to deal with complaints from EU citizens about American handling of their data.
The US Office of the Director of National Intelligence will also give a written undertaking that they will not carry out mass surveillance on EU data.
These new arrangement will be subject to an annual review, and companies who fail to comply with the requirements could be prevented from using the agreement.
What’s Next for the Privacy Shield?
The EU-US Privacy Shield Framework is in its early stages, and a full draft is expected by the end of February 2016 – following feedback from European watchdogs.
Tech companies in both American and Europe will feel slightly more relaxed at the prospect of this agreement, which will essentially mean business as usual.
However, the news of America conceding new rights for European citizens against US surveillance, even under the justification of national security, is a significant step.
Countries Outside the EU with Adequate Data Protection
All EU Member states are obliged to follow the Data Protection Directive (soon to become the General Data Protection Regulations), ensuring adequate controls over the collection and processing of personal data. In addition to EU countries, Iceland, Liechtenstein and Norway also form part of the European Economic Area (EEA) and movement of data within this EAA faces less challenges, although it is still subject to the data protection principles.
However, the European Commission has identified countries outside of the EEA that it considers has an adequate level of data protection. These includes Canada, Switzerland and New Zealand. The US has previously only been listed in the context of the Safe Harbour agreement, showing the significance of this recent breakdown.
Find the list of acceptable non-EEA countries on the commission’s website: http://ec.europa.eu/justice/data-protec … dex_en.htm
See how the Safe Harbour began: http://www.riskbriefing.co.uk/safe-harb … eu-ruling/