Privacy Shield â new Safe Harbour agreement reached | DMA

Filter By

Show All
X

Connect to

X

Privacy Shield â new Safe Harbour agreement reached

T6b31ec1f3668-eu-us-flags_56b31ec1f3562-260.jpeg

UPDATE: On February 2 the European Union reached agreement with the US on a new framework for transatlantic data flows following a small delay

Vice President for the Digital Single Market on the European Commission Andrus Ansip said: "Our people can be sure that their personal data is fully protected. Our businesses, especially the smallest ones, have the legal certainty they need to develop their activities across the Atlantic.

"Today's decision helps us build a Digital Single Market in the EU, a trusted and dynamic online environment; it further strengthens our close partnership with the US," he said

European commissioner for justice, consumers and gender equality Vera Jourová said: "The new EU-US Privacy Shield will protect the fundamental rights of Europeans when their personal data is transferred to U.S. companies.2

The new name for the agreement is 'EU-US Privacy Shield' rather than 'Safe Harbour' 1.1 or 2.0.

This is presumably designed to indicate that this a fresh agreement rather than a updated version of Safe Harbour, which ran into difficulty, struck down in the Schrems case

Schrems case

The European Court of Justice struck down the previous Safe Harbour agreement in October 2015 following a case brought by Max Schrems. Schrems said the 'Safe Harbour', extended to some 3,000 US tech firms that permitted those firms to move data to the US from the EU offered no protection to EU citizens in light of the revelations made by Edward Snowden.

This forced the European Commission to negotiate a revised agreement with the US.

Reaction of the European national data protection authorities

The European national data protection authorities finished a regular two day meeting on February 3, and this topic was top of the agenda. The conclusions of the meeting were as follows:

  1. Model Contract Clauses and Binding Corporate Rules can be used for the moment to transfer personal data to the US
  2. The national data protection authorities will review the new EU-US Privacy Shield, Model Contract Clauses and Binding Corporate Rules at the same time to see whether the three transfer mechanisms meet the requirements of European law, specifically with regard to intelligence activities
  3. The assessment for all personal data transfers to the US will be done at a special meeting to be organised in the coming weeks.

What should members do now?

The new Privacy Shield agreement will take around three months to finalise so members who transfer personal information to the US and have relied on Safe Harbour should have already reviewed the transfer and be thinking about using Model Contract clauses instead.

The ICO has advised UK companies not to panic and this advice still holds.

Members using the goods and services of US tech companies may well have been asked to sign Model Contract Clauses by those US-based companies already.

Members should certainly consider putting in place alternative arrangements because of a legal challenge to the new Privacy Shield Agreement

Will there be a legal challenge to the new Privacy Shield agreement?

Max Schrems indicated that following the press conference on February 2 that: "Judging from the mere headlines we know so far, I am however not sure if this system ( Privacy Shield) will stand the test (set out in the Schrems judgement) before the European Court of Justice. There will be clearly people that will challenge this- depending on the final text I may well be one of them”

The DMA will keep members advised of further developments.

Remember: our annual data protection summit takes place February 26, featuring keynotes from the ICO’s Chris Graham, the DCMS’ Baroness Neville-Rolfe and Facebook. Find out more here.

Please login to comment.

Comments

Related Articles

Businesses must be ethical in their telemarketing practices to protect customers from unwanted, intrusive, or deceptive calls, ensuring their privacy and well-being are respected. Read how

Depositphotos_718680692_S.jpg

This article is written by MBA Group Ltd.

priscilla-du-preez-tAnrp8P51tY-unsplash.jpg

As abandoned baskets reach the highest levels in a decade, how can you make sure your customers successfully checkout?

hero-man-thinking-about-making-a-purchase.webp
As Black Friday approaches, marketers face pressure to captivate customers. The '23 season showed how brands use real-time data, AI, and dynamic content to tailor their messaging and boost engagement. Learn from them to shape your strategy.
iStock-1661657038.jpg