The European Commission and the United States have agreed on a new
framework for transatlantic data flows: the EU-US Privacy Shield.
Today, the College of Commissioners approved the political agreement reached
and has mandated Vice-President Ansip and Commissioner Jourová to prepare the
necessary steps to put in
place the new arrangement. This new framework will protect the fundamental
rights of Europeans where their data is transferred to the United States and
ensure legal certainty for businesses.
The EU-US Privacy Shield reflects the requirements set out by the European
Court of Justice in its ruling on 6 October 2015, which declared the old Safe
Harbour framework invalid. The new arrangement will provide stronger
obligations on companies in the U.S. to protect the personal data of Europeans
and stronger monitoring and enforcement by the U.S. Department of Commerce and
Federal Trade Commission (FTC), including through increased cooperation with
European Data Protection Authorities. The new arrangement includes commitments
by the U.S. that possibilities under U.S. law for public authorities to access
personal data transferred under the new arrangement will be subject to clear
conditions, limitations and oversight, preventing generalised access. Europeans
will have the possibility to raise any enquiry or complaint in this context
with a dedicated new Ombudsperson.
Vice-President Ansip said: "We have agreed on a new
strong framework on data flows with the US. Our people can be sure that their personal
data is fully protected. Our businesses, especially the smallest ones, have the
legal certainty they need to develop their activities across the Atlantic. We
have a duty to check and we will closely monitor the new arrangement to make
sure it keeps delivering. Today's decision helps us build a Digital Single
Market in the EU, a trusted and dynamic online environment; it further
strengthens our close partnership with the US. We will work now to put it in
place as soon as possible."
Commissioner Jourová said: "The new EU-US Privacy
Shield will protect the fundamental rights of Europeans when their personal
data is transferred to U.S. companies. For the first time ever, the United
States has given the EU binding assurances that the access of public authorities
for national security purposes will be subject to clear limitations, safeguards
and oversight mechanisms. Also for the first time, EU citizens will benefit
from redress mechanisms in this area. In the context of the
negotiations for this agreement, the US has assured that it does not conduct
mass or indiscriminate surveillance of Europeans. We have established an annual
joint review in order to closely monitor the implementation of these
commitments."
The new arrangement will include the following elements:
· Strong obligations on companies handling Europeans' personal data and robust
enforcement: U.S. companies wishing to import personal data from Europe will
need to commit to robust obligations on how personal data is processed and
individual rights are guaranteed. The Department of Commerce will monitor that
companies publish their commitments, which makes them enforceable under U.S.
law by the U.S. Federal Trade Commission. In addition, any company handling
human resources data from Europe has to commit to comply with decisions by
European DPAs.
· Clear safeguards and transparency obligations on U.S. government access: For
the first time, the US has given the EU written assurances that the access of
public authorities for law enforcement and national security will be subject to
clear limitations, safeguards and oversight mechanisms. These exceptions must
be used only to the extent necessary and proportionate. The U.S. has ruled out
indiscriminate mass surveillance of the personal data transferred to the US
under the new arrangement. To regularly monitor the functioning of the
arrangement there will be an annual joint review, which will also include the
issue of national security access. The European Commission and the U.S.
Department of Commerce will conduct the review and invite national intelligence
experts from the U.S. and European Data Protection Authorities to it.
· Effective protection of EU citizens' rights with several redress
possibilities: Any citizen who considers that their data has been misused under
the new arrangement will have several redress possibilities. Companies have
deadlines to reply to complaints. European DPAs can refer complaints to the
Department of Commerce and the Federal Trade Commission. In addition,
Alternative Dispute Resolution will be free of charge. For complaints on
possible access by national intelligence authorities, a new Ombudsperson will
be created.
Next steps
The College has today mandated
Vice-President Ansip and Commissioner Jourová to prepare a draft "adequacy
decision" in the coming weeks, which could then be adopted by the College
after obtaining the advice of the Article 29 Working Party and after consulting
a committee composed of representatives of the Member States. In the meantime,
the U.S. side will make the necessary preparations to put in place the new
framework, monitoring mechanisms and new Ombudsman.
Background
On 6 October, the Court of Justice declared in the Schrems case
that the Commission’s Decision on the Safe Harbour arrangement was invalid. The
judgment confirmed the Commission's approach since November 2013 to review the
Safe Harbour arrangement, to ensure in practice a sufficient level of data
protection as required by EU law.
On 15 October, Vice-President Ansip, Commissioners Oettinger and Jourová met business and industry representatives
who asked for a clear and uniform interpretation of the ruling, as well as more
clarity on the instruments they could use to transfer data.
On 16 October, the 28 national
data protection authorities (Article 29 Working Party) issued a statement on the
consequences of the judgment.
On 6 November, the Commission
issued guidance for
companies on the possibilities of transatlantic data transfers following the
ruling until a new framework is put in place.
On 2 December, the College of Commissioners discussed the progress of the
negotiations. Commissioner Jourová received a mandate to pursue the
negotiations on a renewed and safe framework with the US.