New Privacy Shield Pact Approved In EU – New Rules Provide Needed Clarity, But for How Long?
Approval of a new Privacy Shield pact that requires companies engaged in the transfer of data from the EU to the US to update their data management procedures appears imminent. Companies no longer will be able to rely on previous Safe Harbor processes.
The tug of war between EU data privacy advocates wanting greater protection for personal information and businesses desperate for clear legal guidelines to protect transatlantic data flows has ended – at least for now – with approval on Friday, July 8, 2016 by the EU’s Article 31 group of a new pact governing the transfer of personal data from the EU to the US. Approval of the agreement next week by the European Commission appears to be a mere formality at this point.
As widely reported in this blog and elsewhere, the revelations by Edward Snowden of spying on personal data by the US National Security Agency eventually resulted in a decision by the European Court of Justice invalidating the so-called Safe Harbor that had governed companies’ handling and transfer of data between the US and EU. The decision left companies unsure of what their legal obligations were with respect to data transfers.
The new rules provide strengthened protection for individuals on data retention and forwarding of information, impose safeguards restricting access to data by government agencies including during transit or when transferred to the US, and include a US government ombudsman independent from intelligence agencies.
While the new accord is expected to afford some guidance for now to companies handling data between the US and the EU, some commentators think the agreement will soon be challenged before the European high court again.