EU-US Privacy Shield or a new era in transatlantic personal data flows

At the beginning of February the European Commission and the United States announced that they had agreed on a new framework for transatlantic personal data flows between the EU and the USA.

The EU-US Privacy Shield, i.e. a new solution to replace the Safe Harbor certificate, is to increase personal data protection in the areas addressed in the CJEU judgment of 6 October 2015 in the Max Schrems case, including access of US services to the personal data of EU citizens.

According to the European Commission, the new arrangement between the EU and the USA involves, e.g. creating clear warranties and commitments concerning the transparency of US government actions related to access to the personal data of Europeans, extending the obligations associated with processing the data and protecting the rights of data subjects of US firms importing personal data from the EU, reinforcing EU citizens' rights, and laying down a procedure for EU citizens to complain about the way their personal data are processed.

According to information that we have obtained, a draft decision on the EU-US Privacy Shield will be prepared by the European Commission over the next few weeks.

Full content of the legal alert is available in attached PDF.