EU-U.S. Privacy Shield – Full Text Released

On February 29, 2016, the European Commission released the text of the EU-U.S. Privacy Shield. The text reveals the details of a new framework that will place stronger obligations on U.S. companies to protect the personal data of EU citizens. It will also involve heightened compliance requirements and authorizes enforcement measures by the U.S. Department of Commerce (Commerce) and the Federal Trade Commission (FTC). The Privacy Shield replaces the previous Safe Harbor regime, which was invalidated by the Court of Justice of the European Union (CJEU) in October 2015. The Privacy Shield reflects the requirements mandated by the CJEU, as well as prior recommendations made by the European Commission.

Under the new framework, if a company wishes to transfer data from the EU, it must annually self-certify its compliance with the framework’s seven core principles: notice; choice; accountability for onward transfer; security; data integrity and purpose limitation; access; and recourse, enforcement and liability. A list of all Privacy Shield members that have self-certified will be maintained by the United States, and Commerce will be responsible for ensuring that companies continue to apply the Privacy Shield’s principles to protect personal data for as long as that data is retained.

View full Legal Alert



Back to top