NEWSLETTER ON THE EU COMMISSION PRESS RELEASE ON THE AGREEMENT REACHED (EU-US PRIVACY SHIELD) FOR TRANSFERS OF PERSONAL DATA TO THE US
On 2 February 2016, the EU Commission issued a press release (the “Press Release”) on the political agreement reached with the US (the “Agreement”), which will serve as a new legal framework for transferring personal data from the EU to the US. The Press Release highlights that this Agreement will protect the fundamental rights of Europeans when their data is transferred to the US, while granting legal certainty to companies with transatlantic operations.
Pursuant to the Press Release, the new Agreement will reflect the conditions provided in the European Court of Justice’s ruling of 6 October 2015 on the Schrems case, which declared the Safe Harbor scheme invalid as legitimate grounds for transferring data to the US. In this regard, the Press Release explains that the Agreement will establish stronger data protection obligations for companies in the US as well as stricter monitoring of such obligations by the US Department of Commerce and the Federal Trade Commission. Likewise, the Agreement will have robust safeguards on access to EU personal data by the US government or public authorities to prevent generalised access to data.
The Press Release highlights the progress made regarding European citizens’ rights to file enquiries and complaints about the processing of their data.
What will fall under the scope of the Agreement? |
- Stronger obligations on companies based in the US. US companies processing personal data of European citizens will have to comply with stricter requirements on data protection. Compliance with these obligations will be enforced by the US Federal Trade Commission. In addition, companies handling European human resources data will have to abide by decisions by the European data protection authorities.
- Safeguards and transparency obligations on U.S. government access. Access to Europeans’ personal data by the US government will be subject to certain safeguards and transparency obligations to avoid indiscriminate mass access to the data imported to the US. A review of the level of compliance with these commitments will be jointly undertaken on an annual basis.
- Effective protection of EU citizens’ rights. EU citizens who consider their data to have been misused under the new Agreement will be entitled to seek redress.
The EU Commission has announced that the final draft of this Agreement will be prepared in the coming weeks in the form of an “adequacy decision” and submitted to the Article 29 Working Party and to a committee made up of representatives of all the EU member states. Furthermore, the Press Release states that in the meantime, the US will work on adopting the measures required to implement the undertakings set out in the Agreement (e.g., monitoring mechanisms and appointing a new Ombudsman to monitor the protection of Europeans’ data).
We are highly aware of the significance of this Agreement for Spanish and US companies and its economic impact on transatlantic businesses. Therefore, we remain at your disposal for any queries or comments on this matter.
UM data protection and IT Team.
back to
top