Outside of the Safe Harbour will the EU-US Privacy Shield be enough to protect European citizens private data?
Safe Harbour is to be replaced by the EU-US Privacy Shield after the EU and the US finally reached a deal to facilitate the transmission of data from the EU to the US while protecting European citizens’ private data from mass surveillance.
The longstanding Safe Harbour was made invalid in October after a succession of court cases mounted by privacy campaigner Max Schrems. The case was given extra impetus when former NSA contractor Edward Snowden revealed how the NSA was spying on Europeans’ private communications.
The EU-US Privacy Shield deal was reached today (2 February) after US and EU negotiators were deadlocked in Safe Harbour negotiations when the 31 January deadline passed.
Unless an agreement was reached, the collapse of the free flow of data could have impacted internet users, as the cost of data storage on both sides of the Atlantic would have inevitably gone up.
As part of the deal, a top US official will send a signed letter pledging that the US will avoid indiscriminate mass surveillance of EU citizens following the Snowden revelations.
More than 4,000 companies, including Google, Facebook and Microsoft, have been awaiting this agreement in order to be able to transfer personal data across the Atlantic. This can include everything from email to social media and personal photos.
‘Our people can be sure that their personal data is fully protected’
– ANDRUS ANSIP, EUROPEAN COMMISSION
“We have agreed on a new strong framework on data flows with the US,” the vice-president for the Digital Single Market on the European Commission, Andrus Ansip, said.
“Our people can be sure that their personal data is fully protected. Our businesses, especially the smallest ones, have the legal certainty they need to develop their activities across the Atlantic.
“We have a duty to check and we will closely monitor the new arrangement to make sure it keeps delivering. Today’s decision helps us build a Digital Single Market in the EU, a trusted and dynamic online environment; it further strengthens our close partnership with the US. We will work now to put it in place as soon as possible.”
How EU-US Privacy Shield will function
Under the new agreement, the EU-US Privacy Shield will place strong obligations on companies handling Europeans’ personal data, with robust enforcement. Any company handling human resources data from Europe has to commit to complying with decisions by European data protection authorities (DPAs).
For the first time, the US has given the EU written assurances that the access of public authorities to information for law enforcement and national security reasons will be subject to clear limitations, safeguards and oversight mechanisms.
‘The new EU-US Privacy Shield will protect the fundamental rights of Europeans when their personal data is transferred to US companies’
– VĚRA JOUROVÁ, EUROPEAN COMMISSION
The US has ruled out indiscriminate mass surveillance on the personal data transferred to the US under the new arrangement. To regularly monitor the functioning of the arrangement there will be an annual joint review, which will also include the issue of national security access by the European Commission and the US Department of Commerce.
Any citizen who considers that their data has been misused under the new arrangement will have several redress possibilities.
For complaints on possible access by national intelligence authorities, a new ombudsperson will be created.
“The new EU-US Privacy Shield will protect the fundamental rights of Europeans when their personal data is transferred to US companies,” said the European Union’s Commissioner for Justice, Consumers and Gender Equality, Věra Jourová.
“For the first time ever, the United States has given the EU binding assurances that the access of public authorities for national security purposes will be subject to clear limitations, safeguards and oversight mechanisms.
“Also for the first time, EU citizens will benefit from redress mechanisms in this area. In the context of the negotiations for this agreement, the US has assured that it does not conduct mass or indiscriminate surveillance of Europeans. We have established an annual joint review in order to closely monitor the implementation of these commitments,” Jourová added.
Flags image via Shutterstock
