On February 2, 2016, the European Commission (EC) and United States Department of Commerce agreed on a new framework for the transfer of personal data from the European Union (EU) to the United States. This new framework, named the EU-U.S. Privacy Shield, replaces the EU-U.S. Safe Harbor Framework that was invalidated by the European Court of Justice on October 6, 2015. Key provisions of the Privacy Shield Framework are as follows:
What Happens Next?
The EC will draft an adequacy decision and will then send the decision to the Article 29 Working Party (WP29) for consideration. The College of EU Commissioners will then need to adopt it, taking into consideration the opinion of the WP29 and consulting with a committee composed of representatives of the member states. On the US side, the Judicial Redress Act needs to be signed by the president and an ombudsperson needs to be appointed. All of this will likely take months. In the meantime, it is the understanding of the Department of Commerce (DOC) that EU Data Privacy Authorities (DPAs) will suspend enforcement for Safe Harbor compliant companies until all the details are resolved and published. The DOC recommends that currently Safe Harbor certified companies maintain their certification, renewing if necessary, until the final guidelines are published. The DOC expects to send an email to all the currently certified Safe Harbor companies with detailed guidance about how the privacy policies need to be revised and how a company certifies EU-U.S. Privacy Shield compliant. Those details are expected to be released the first week of March 2016.
Supported By WordPress Database Support Services