EC Gives Final Approval to Privacy Shield
Goes Into Effect August 1
In February, the U.S. and European Commission released details of the new U.S.- EU Privacy Shield to replace the Safe Harbor that was invalidated by the European Court of Justice last year.
In the spring the Article 29 Working Party (an organization of EU national data protection regulators) and the European Data Protection Supervisor Giovanni Buttare issued opinions finding the proposed shield to be deficient. As a result, the European Parliament adopted a non-binding resolution calling for the EC to “continue the dialogue with the U.S. administration in order to negotiate further improvements to the Privacy Shield arrangement in the light of its current deficiencies.”
The EC has now approved a revised Privacy Shield that added additional provisions to address EU concerns, including:
- A requirement for companies to delete personal data that no longer serves the purpose for which it was collected;
- A requirement that third party companies processing data on behalf of companies that have signed up to the Privacy Shield must guarantee the same level of protection as the Privacy Shield companies themselves; and
- Clarification from the US government that bulk surveillance would only be permitted in exceptionable circumstances and only where additional safeguards were adopted to minmize the amount of data collected and access to it.
- Clarifying the role of the new Ombudsperson.
With this sign-off, the program will be live on August 1, 2016.
Below are updated Fact Sheets and Summaries.
EU Fact Sheet
Department of Commerce Fact Sheet
EC Detailed Summary