Victoria - Fotolia

European Commission releases legal details of EU-US Privacy Shield

EC claims the publication of legal texts and written assurances marks the start of the new-look data-sharing agreement coming into force

The European Commission (EC) claims to have taken its first steps towards making the proposed EU-US Privacy Shield a reality by releasing further details about the reworked transatlantic data transfer deal.

As such, information about the principles that participants in the data-sharing regime will be expected to abide by have now been made public, along with details of the “written assurances” the US government has given about how it intends to enforce the agreement.

Andrus Ansip, EC vice-president in charge of the Digital Single Market, said the publication of these documents marks the start of the EU-US Privacy Shield coming into force.

“Businesses are the ones that will implement the framework; we are now in contact on a daily basis to ensure the preparation is done in the best possible way,” said Ansip.

“We will continue our efforts, within the EU and on the global stage, to strengthen confidence in the online world. Trust is a must – it is what will drive our digital future."

The Commission claims the new-look agreement constitutes a “sound framework for commercial data exchange”, before restating that its contents will apply to all companies that provide services to the European market.

European commissioner Věra Jourová echoed these sentiments, before adding that protecting the data of citizens was a top priority for lawmakers on both sides of the Atlantic.

“The EU-US Privacy Shield is a strong new framework, based on robust enforcement and monitoring, easier redress for individuals and, for the first time, written assurance from our US partners on the limitations and safeguards regarding access to data by public authorities on national security grounds,” she said.

Read more about the EU-US Privacy Shield

The EU-US Privacy Shield is being ushered in to replace the Safe Harbour agreement, a legal mechanism previously used by thousands of US companies to transfer the data of European citizens back to the US.

However, following a lengthy legal challenge by Austrian legal student Max Schrems, the European Court of Justice ruled in October 2015 that Safe Harbour was no longer fit for purpose.

Having previously shared outline details of how the EU-US Privacy Shield would work in early February 2016, European and US lawmakers were then given until the end of the month to finalise its contents.

The new arrangement will be subject to an annual review, unlike its predecessor, and will be supported by the work of a US-based “functionally independent” ombudsmen, who will be installed to give European citizens a mechanism to report data privacy infringements, too.

The documents published today still need to be reviewed by the Article 29 Working Party, and by a committee of representatives from all 28  EU member states, before the Privacy Shield can come into force.

Read more on IT for telecoms and internet organisations