Rules aim to preserve citizens’ data protection rights when information is transferred across the pond. The European Commission this week formally adopted the EU-U.S. Privacy Shield, which is designed to safeguard EU citizens’ personal information when it is shared with companies based in the U.S.
On the other side of the Atlantic, the rules will be enforced by the U.S. Department of Commerce, which will conduct regular reviews of companies that have signed up to the pact in order to ensure compliance.
“[Privacy Shield] will protect the personal data of our people and provide clarity for businesses. We have worked hard with all our partners in Europe and in the U.S. to get this deal right and to have it done as soon as possible,” said Andrus Ansip, vice president for the Digital Single Market, in a statement on Tuesday. “Data flows between our two continents are essential to our society and economy – we now have a robust framework ensuring these transfers take place in the best and safest conditions.”
Privacy Shield replaces the EU and U.S.’s Safe Harbour agreement, which was invalidated in October 2015 by the European Court of Justice on the grounds that the U.S. could not provide sufficient privacy protection due to its mass surveillance activities.
The U.S. has given assurances that access to EU data by its law enforcement and national security agencies will be subject to limitations, safeguards and oversight.
Anyone who considers that their data has been misused will be able to pursue various avenues of redress.
The Commission and the Department of Commerce have agreed to annual reviews of the pact to ensure it functions as intended. In the U.S., companies will be able to register with Privacy Shield from 1 August, provided they have updated their compliance.