Safe Harbor update - EU and US agree in principle on Safe Harbor 2.0: “EU-US Privacy Shield”

February 2, 2016

This is an update following our earlier item “Safe Harbor update – and what to do” which can be found here.

A couple of days after expiry of the 31 January deadline, political agreement has been reached for a new arrangement for data transfers from the EU to the US, to be known as the “EU-US Privacy Shield” (aka Safe Harbor 2.0).

This follows the European Court of Justice decision in October 2015 in the Schrems case that the (old) Safe Harbour arrangement was invalid.

The new arrangement will provide stronger obligations on US companies to protect the personal data of Europeans and stronger monitoring and enforcement by the US FTC.

To facilitate the data flows, the US has been forced for the first time to give a commitment that access by US public authorities to the personal data of EU citizens will be subject to clear conditions, limitations and oversight. The US has also given an assurance that it will not conduct mass or indiscriminate surveillance of Europeans.

US companies wishing to import personal data from Europe will need to commit to robust obligations on how personal data is processed and individual rights are guaranteed. The Department of Commerce will monitor that companies publish their commitments, which makes them enforceable under US law by the FTC.

It is very common for EU based subsidiaries of US groups to transfer HR data to the US parent. Under the EU-US Privacy Shield any US company handling HR data from Europe will have to commit to comply with decisions by European DPAs.

In addition, Europeans who consider that their data has been misused will be able to raise any enquiry or complaint with a dedicated new Ombudsperson.

Comment

While it is remarkable to reach agreement on such matters within such a short space of time, underlining the political urgency, it’s not all done yet. The EU have to prepare a draft "adequacy decision" in the coming weeks. And the US have to put in place the new monitoring mechanisms and new Ombudsman. We continue to watch the space!

Meanwhile, bear in mind that Safe Harbor/the EU-US Privacy Shield is not the only solution to data transfers from the EU to the US and we continue to work with many companies to put in place other solutions, such as contracts based on model clauses or binding corporate rules.

For more information please contact
Nigel Miller/Laura Monro


Related pages:

Technology, Media & Digital more

icons Addthis Print Contact Register

Contact

tel: +44 (0) 20 7628 2000
10 Finsbury Square, London, EC2A 1AF
View map


For more information

 image

Nigel Miller
Partner
Direct dial: +44 (0)20 7614 2504
nmiller@foxwilliams.com

 image

Laura Monro
Senior Associate
Direct dial: +44 (0)20 7614 2646
lmonro@foxwilliams.com

Accreditations

  • Top Ranked Chambers UK 2014 - Leading Firm
  • Ranked in Chambers Europe 2013 - Leading Individual
  • Ranked in Chambers Global 2014 - Leading Firm
  • Legal 500 - Leading Firm
  • The Lawyer UK 200 - Listed Firm
  • The Law Society Excellence Awards 2012 - Shortlisted
  • Investors in People - Bronze