On February 29, the European Commission ("EC") and
U.S. Department of Commerce released the full text of the EU-U.S. Privacy Shield framework. This release
follows the February 2 announcement that EU and U.S.
officials had reached an agreement to replace the recently
invalidated Safe Harbor program ("Safe Harbor") with a
more robust and comprehensive transatlantic data transfer scheme.
The details of the Privacy Shield were released as part of a
128-page package that includes the enumeration of the Privacy
Shield Principles, the terms of the new "Arbitral Model"
that will be used to address certain unresolved data protection
claims, and letters from various U.S. regulators. The EC also
released a draft "adequacy decision" concluding
that the Privacy Shield ensures an adequate level of protection for
personal data transferred under its ambit and meets the standards
of Directive 95/45/EC. In particular, the EC emphasized the
strengthened Principles, the increased transparency obligations
imposed on participating companies, the new oversight and recourse
mechanisms, and commitments from the United States that
surveillance will be limited to what is strictly necessary.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.