Early in February, the EU and the US came to an agreement with regards to transatlantic data flows, called the EU-US Privacy Shield. This agreement is to replace the Safe Harbour agreement, which has been invalidated. This new arrangement places stronger obligations on US companies when it comes to protecting the personal data of European citizens while calling for stronger monitoring and enforcement by the US Department of Commerce and the Federal Trade Commission, particularly through cooperation with European Data Protection Authorities (DPAs).

The validity of this agreement is being debated by several critics, including MEPs and comments by the EU's DPAs about this are expected to be released soon. The new arrangement includes the following conditions:

The guarantee of safeguarding individual rights when handling European citizens' personal data

US companies will be subject to stricter obligations when handling European citizen's data. The US Department of Commerce will monitor that companies are respecting their commitments while US companies handling European human resources' data have to comply with European Data Protection Authorities' regulations.

Transparency obligations on US Government Access

The access of public authorities to personal data of European citizens for law enforcement and national security purposes will be subject to safeguards, oversight mechanisms and other clear limitations. An annual joint review will be held to monitor the effectivity of the new arrangement while national security access will also be discussed during this meeting. The annual review will be helmed by the European Commission and the US Department of Commerce and attended by invited national security experts from the US and the EU.

EU Citizens will have increased redress possibilities

Any European citizen who believes that their data has been misused beneath this agreement, will have increased redress possibilities. US companies will have deadlines to respect in replying to complaints while European DPAs will be able to refer complaints to the Department of Commerce and the Federal Trade Commission. In addition, alternative Dispute Resolution will be free of charge while a new Ombudsperson responsible for handling complaints about possible access by national intelligence authorities will be appointed.

A draft “adequacy decision” will be prepared in the next weeks. At a later stage, this could be adopted by the College of the EU Commissioner. Meanwhile, the US will make the necessary arrangements to embrace this new framework, set monitoring mechanisms in place and appoint the new Ombudsperson.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.