Preiskel & CoPreiskel & Co
Preiskel & Co
  • Home
  • About Us
    • Diversity, Social Responsibility, and Pro Bono
  • Services
    • Corporate
    • Commercial
    • Regulatory
    • Competition & Antitrust
    • Data Protection, Privacy, and Retention
    • Intellectual Property
    • Dispute Resolution
    • Employment
  • Sectors
    • Telecommunications
    • IT, Technology, & Internet
    • Media and Broadcasting
    • Websites, Blogging, & Social Media
    • Film & Television
    • Gambling & Online Gaming
    • Leisure & Retail
    • Energy & Minerals
    • Cryptocurrency & Blockchain
    • Creative Industries
  • People
    • Daniel Preiskel
    • Ronnie Preiskel
    • Tim Cowen
    • Jose Saras
    • Robert Dougans
    • Karthyaeni Vittala
    • Tina Cowen
    • D A T Green
    • Richard Stewart
    • Mor Swiel
    • Ilanit Appelfeld
    • Stephen Dnes
    • Daniel Oakland
    • Robert Harvey
    • Martina Raciti
    • Joanna Coombs-Huang
    • Xavier Prida
    • Stewart White
    • Alison MacFarlane
    • Hannah Leader
    • Peter Dally
    • Antony Corel
    • Sue Warwick
    • Tony Curzon-Price
    • Shardi Shameli
    • Stephen Hornsby
    • Ewelina James
    • Maria Constantin
    • Sophia Yakhno
    • Rachael Machado
  • International
  • Blog
  • News
    • Publications
  • Contact
Menu back  

Political agreement for a new framework to replace the Safe Harbour Agreement: EU-US privacy shield

February 8, 2016By Preiskel & Co

Following the invalidation of the Decision 2000/520/EC of 26 July 2000 (the “Safe Harbour Decision”) by the Court of Justice of the European Union (the “CJEU”) on 6 October 2015, US and EU officials have finally reached a political agreement for the implementation of a new framework covering the transfer of personal data between the US and the EU; the so called EU-US privacy shield. The EU-US privacy shield aims to put an end to the legal uncertainty created after the invalidation of the safe harbour scheme by the Safe Harbour Decision.

The officials have mandated Vice-President Ansip and Commissioner Jourová to take the necessary steps to put in place the new framework which will aim to: (i) protect the fundamental rights of Europeans when their personal data is transferred to the US and; (ii) provide legal certainty for businesses.

After the invalidation of the safe harbour scheme by the Safe Harbour Decision, companies that performed EU-US personal data transfers could no longer rely on the Safe Harbour agreement to comply with the EU and member states’ data protection legislation. As alternatives to the Safe Harbour scheme, many companies considered the possibility of adopting binding corporate rules or model contracts, both of which require implementing due diligence processes and ongoing assessment on a case-by-case basis.

The new framework will be marked by a stronger cooperation between US and EU authorities and enhanced protection and enforcement of EU individuals’ personal data being processed in the US.

For instance, the US has committed to put in place clear safeguards, limitations, oversight and transparency on the surveillance of personal data by public authorities, and to be held accountable in case of breach. Law enforcement and national security agencies will have access to such data on a necessary and a proportionate basis. Therefore, under the new arrangement, the U.S. will not be able to carry out indiscriminate mass surveillance on the personal data of Europeans transferred to the US.

Other relevant changes in comparison to the Safe Harbour agreement include more procedural protection for individuals to ensure an adequate enforcement the new framework preventing generalised access. Under the EU-US privacy shield companies will need to respect deadlines to answer complaints. Such complaints may be referred by European data protection authorities to the US Department of Commerce and the Federal Trade Commission. Individuals will also have access to dispute resolution and arbitration mechanisms, and to an ombudsperson in case of enquiries or complaints related to surveillance by public authorities.

Finally, the European Commission and the U.S. Department of Commerce will be carrying out annual reviews in order to assess whether the EU-US privacy shield is being complied with.

A draft of the new framework under the EU-US privacy shield is expected to be published within the next weeks and will need approval by the College of Commissioners after consultation with the Article 29 Working Party and representatives of the Member States before coming into force.

EU national data protection authorities voiced a tentative approval in respect of the EU-US privacy shield and are expecting to receive a final draft by the end of February. In a published statement, Article 29 Working Party has expressed concerns that the US legislation may not be compatible with the essential guarantees set out by the European jurisprudence on fundamental rights in respect of intelligence activities.

Once the final draft is issued, the legality of alternative mechanisms (such as binding corporate rules and model contracts) will be reviewed. In the meantime, such alternative mechanisms are still considered to be a suitable option for companies transferring personal data between the EU and US.

Despite the announcement, the future of the new framework and the international data flow is still uncertain. It is unclear whether the EU-US privacy shield will achieve its desired outcome – particularly the need for restraining mass surveillance of EU individuals by US public authorities – as the US has not implemented reforms in its surveillance legislation.

Furthermore, the Safe Harbour Decision opened the door for any national data protection authorities to ask the CJEU to challenge the legality of future arrangements, which will increase the likelihood of judicial challenges of the new framework once it is adopted.

For more information, check the European Commission press release here.

 

by Jose Saras and Natalia Porto.

(Jose Saras is a partner at Preiskel & Co LLP and can be contacted here. Natalia Porto was an associate at Preiskel & Co LLP )

Latest Preiskel & Co blog posts
  • New EU rules to boost IoT data sharing: the EU Data Act
    March 30, 2023
  • Advocate General Opinion on Automated Credit-Scoring & Retention of Insolvency Data
    March 28, 2023
  • White House’s Economic Report of the President sets out a roadmap to improve competition in digital markets
    March 22, 2023
  • Brussels Conference brings in industry leaders to discuss the international antitrust landscape
    March 22, 2023
  • Issues in the UK’s forthcoming Digital Markets, Competition and Consumer Bill
    March 17, 2023
  • Stormy weather for cloud computing in the EU
    March 16, 2023
  • Inmarsat Takeover Provisionally Cleared for Take-Off
    March 10, 2023
  • EDPB’s Feedback on the New EU-U.S. Data Privacy Framework
    March 6, 2023
  • UK Data Reform Bill to return to the House of Commons
    March 3, 2023
  • DCMS Publishes New Security and Privacy Principles for App Store Operators and Developers
    February 16, 2023
  • DPO’s Dismissal & Conflicts of Interest Under The EU GDPR – CJEU Ruling
    February 14, 2023
  • ICO – Change of Deadline for Reporting Breach Notifications for Communication Service Providers
    February 6, 2023

The Preiskel Blog

  • New EU rules to boost IoT data sharing: the EU Data Act 30 Mar 2023
  • Advocate General Opinion on Automated Credit-Scoring & Retention of Insolvency Data 28 Mar 2023
  • White House’s Economic Report of the President sets out a roadmap to improve competition in digital markets 22 Mar 2023
  • Brussels Conference brings in industry leaders to discuss the international antitrust landscape 22 Mar 2023

Preiskel news

  • Senior Partner, Danny Preiskel, quoted by IT Pro on the costs incurred by MNOs
  • Senior Partner, Danny Preiskel, will be a panellist at GCCM Carrier Community 2023 on IOT
  • Jose Saras and Xavier Prida Awarded First Place as Data Protection Thought Leaders in the UK
  • Ronnie Preiskel chosen to judge 24 May 2023 The Tech Capital Global Awards
Preiskel tweets
  • New EU rules to boost IoT data sharing: the EU Data Act. Find out more at: https://t.co/1OUHlssIOB2 days ago
  • Advocate General Opinion on Automated Credit-Scoring & Retention of Insolvency Data. Find out more here: https://t.co/bJkvPBvj6F4 days ago
  • Issues in the UK’s forthcoming Digital Markets, Competition and Consumer Bill. Find out more: https://t.co/3BHP1xq69Y9 days ago
Preiskel & Co LLP
4 King's Bench Walk,
Temple,
London
EC4Y 7DL
United Kingdom

Tel: +44 20 7332 5640
Email: info@preiskel.com

Find us on:

TwitterLinkedinMail
© Preiskel & Co LLP 2023 | Site map | Legal notices | Cookie Policy | Privacy