From Safe Harbour To Privacy Shield
The EU and the USA yesterday reached a deal on data protection replacing the old “safe harbour” agreement which had been struck down by the European Court of Justice (ECJ) in October when judges ruled that revelations by Edward Snowden showed that the USA privacy rules in practice were not largely equivalent to those of the EU.
EU data protection regulators had given both sides a three month grace period after the ECJ struck down the original pact in October.This new “EU-US Privacy Shield” comprehensively governing data transfer of photos to bank details includes:
(a) the requirement that the US director of national intelligence personally signs a pledge that the US will avoid “indiscriminate mass surveillance”
(b) the U.S.A, over the next three months, establishes an independent ombudsman for national security in the State Department to deal with EU data protection complaints, and
(c) the U.S. is to set up a low-cost dispute resolution system for Europeans and last-resort arbitration.
A second grace period is expected for companies to comply with the new framework.
The European Commission (through its College of Commissioners) is expected within weeks to adopt the new pact.
The agreement will be reviewed annually by both sides.
However there is controversy as to whether the Privacy Shield deal meets the requirements of the CJEU. While EU Commissioner Jourová believes that “The new arrangement lives up to requirements of the ECJ …”, others, including Jan Philipp Albrecht, deputy chair of the European Parliament’s civil liberties committee, are not convinced that the new agreement will stand up to scrutiny by the European Union Court of Justice.
See also Maximillian Schrems v Data Protection Commission – C-362/14
Full judgment at
Sources: Financial Times, London, Politico Sprl, Brussels 2.2.2016; Court of Justice of the European Union
For further information contact