Tag: EU-U.S. Privacy Shield

EU-U.S. Privacy Shield operational since August, 1st

2. August 2016

The EU Commission announced yesterday the full operability of the agreed EU-U.S. Privacy Shield as substitute of the former Safe Harbor Framework. The Department of Commerce will verify the privacy policies of the U.S. Companies that sign up the Privacy Shield in order to ensure that they comply with the standards agreed on the new framework.

Furthermore, the EU Commission has also published a citizen’s guide regarding how their rights will be ensured and how to address complaints if they consider that their rights have not been respected. Amongst others, EU citizens have the right to access the data an organization holds about them, to correct their data if this is inaccurate or incorrect, to have access to the different dispute resolution mechanisms, etc.

U.S. Secretary of Commerce Penny Pritzker also made a statement regarding the launch of the new framework: “After more than two years of discussions, it is time to implement the new EU-U.S. Privacy Shield Framework with our partners in Europe and companies on both continents. With the Privacy Shield in place, businesses will be able to protect privacy and truly seize the opportunities offered by the transatlantic digital economy. More than $260 billion in digital services trade is already conducted across the Atlantic Ocean annually, but there is significant potential for this figure to grow, resulting in a stronger economy and job creation. The Privacy Shield opens a new era in data privacy that will deliver concrete and practical results for our citizens and businesses.”

Article 29 WP issues statement about the adopted EU-U.S. Privacy Shield

27. July 2016

The Article 29 WP issued on the 26th July a statement about the adopted EU-U.S. Privacy Shield. After its previous opinion on the Privacy Shield (opinion WP 238), the WP 29 welcomes the improvements brought by the final draft, but it remarks that there are still some concerns, already addressed in the Opinion WP 238, that have not been clarified yet.

Regarding commercial aspects, the Privacy Shield does not specifically address issues related to automated decision making or the general right to object. Furthermore, it is not clear the impact that the Privacy Shield shall have on data processors.

A further concern relates to the access to personal data by American public authorities. The WP 29 had expected stricter assurances that the institution of the Ombudsman is independent. Additionally, there are neither enough assurances, that a massive collection of EU citizens’ personal data will not take place.

Despite the lack of clarity in some aspects of this new framework, the WP 29 will wait until the first annual review takes place to assess the effectiveness of the EU-U.S. Privacy Shield. The result of the first annual joint review may also involve considering the effectiveness of Binding Corporate Rules and Standard Contractual Clauses.

U.S. Negotiators clarify EU-U.S. Privacy Shield

19. July 2016

Recently, the European online newspaper POLITICO published an interview conducted with the two lead U.S. negotiators of the Privacy Shield: Justin Antonipillai, counselor to Commerce Secretary Penny Pritzker and acting undersecretary of commerce for economic affairs, and Ted Dean, a deputy assistant secretary in the department.

Antonipillai explained the EU-U.S. Privacy Shield as “a program to allow companies to transfer data from the EU to the U.S. in a way that meets requirements under European privacy laws”. He remarked that the main objective of the Privacy Shield is to make both, companies and EU citizens, confident that the requirements to transfer personal data are being meet.

He also explained how American and European different methodologies to ensure privacy and data protection have converged in order to agree on the Privacy Shield. According to Antonipillai, an important fact is that companies are certifying and following the principles voluntarily.

Dean also recognizes that the Privacy Shield may be challenged in court. But he adds that the current framework has been built up and discussed with EU Institutions and European DPAs and there is an interest from both sides on a long-term duration of the new framework. Finally, he stated that the impact of the “Brexit” on international personal data transfers cannot be predicted in advance.

Pages: Prev 1 2
1 2