Nearly four months after being struck down, the US and EU have reached a new Safe Harbor deal. It’s called the "EU-US Privacy Shield" and will facilitate the transfer of European citizens’ data to American companies. While the framework has been ironed out verbally, European authorities still need to create a full draft about the decision in the coming weeks and then have it approved by the Union’s 28 member states. Meanwhile, US companies need to formalize their steps to meet all requirements.
Features of the new agreement include an outline for resolving disputes if European citizens feel their data has been misused or abused. The FTC will help field those complaints, and US companies will have strict deadlines to address them. Additionally, a new national security watchdog will be appointed to deal with national intelligence issues. That person will address instances of oversteps in power, or really, if the agreement is abused to allow for mass surveillance. Other features include regulations around how American companies process European data. These companies will have to commit to "robust obligations" about how data is processed in order to keep it safe from mass surveillance and other potential violations of individual rights.
the union’s 28 member states need to approve the agreement put in place
EU-US Privacy Shield won’t maintain the old status quo, according to a press call with the US Department of Commerce today. The agency wouldn’t go into specifics, but did say companies will have to attend information sessions to learn more about how they’ll have to alter their current business models. If, ultimately, all these safeguards fail or turn out to be inadequate, the EU will host an annual joint review to go over possible revisions or amendments.
Created in 2000, Safe Harbor facilitated the transfer of Europeans’ data to the US. In the wake of Edward Snowden’s revelations, however, and growing concern over mass surveillance efforts, a European court struck the rule down this past October.
a European court struck the ruling down
"In 2000 [the deal] was also a good solution, but at that time, we didn’t have any kind of imagination about even possibilities for mass surveillance," Andrus Ansip, vice president for the Digital Single Market on the European Commission, said during today’s press call.
On the US side, the deal is welcomed. Companies have been unable to transfer data since the rule was thrown out, which affected everything from internal business records to consumer-facing products, like Google Search.