ANALYSIS
U.S.-EU Reach New
Agreement on Data Transfers
On 6 October 2015, the European Court of Justice
invalidated the 15 year old “Safe Harbour” agreement
between the U.S. Department of Commerce and the
European Union that regulated the way that U.S. companies could export and handle the personal data of
European citizens. Since that time, roughly 4,500 companies that used the agreement – including global tech
and internet giants – have been left in limbo.
On February 2, 2016, a new agreement was reached,
called the Privacy Shield pact. According to a European
Commission press release1,
The new arrangement will provide stronger obligations on companies in the U.S.
to protect the personal data of Europeans
and stronger monitoring and enforcement
by the U.S. Department of Commerce and
Federal Trade Commission (FTC), including through increased cooperation with
European Data Protection Authorities. The
new arrangement includes commitments
1
by the U.S. that possibilities under U.S. law for public
authorities to access personal data transferred under
the new arrangement will be subject to clear conditions, limitations and oversight, preventing generalised
access. Europeans will have the possibility to raise any
enquiry or complaint in this context with a dedicated new
Ombudsperson.
In response to the
announcement, U.S. Chamber of Commerce Executive Vice President and
Head of International
Affairs, Myron Brilliant,
warned that:
While the agreement represents a critical first step,
businesses need sufficient
time to review it and imple Y[