Earlier this year in Strasbourg, the European Union together with the United States of America (“USA”) established a new framework for transatlantic data flows referred as – “Privacy Shield”.
Privacy Shield implementation comes shortly after October 2015, when the European Court of Justice invalidated the mechanism that regulated the safe harbor in the last decade – the “Safe Harbour”.
The Court considered that the “Safe Harbour” needed to be revised, because under EU legislation does not ensure in practice a sufficient level of data protection in front of the intelligence agencies.
Basically the new mechanism will be aimed at protecting the fundamental rights of European citizens and guarantee their legal security by US companies, when their personal data are transferred to the US.
The personal data represent any information relating to an identified or identifiable natural person, such as name, address, date of birth, identity number, position, e-mail etc.
Patient’s health information collected for the development and research of new medical therapeutic progress and the information collected by smart applications that measure the number of steps traveled in a day or the number of calories consumed by one person represents also information of interest as part of transatlantic data stream, which will be able to be protected by Privacy Shield.
Privacy Shield as a new mechanism for protecting the privacy of Europeans will include the following:
- strict requirements for US companies who process personal data of Europeans. US Department of Commerce and the FTC (Federal Trade Commission) will ensure that those US companies that manipulate data regarding human resources in Europe, will comply with the decisions of the European Data Protection Supervisor;
- clear safeguards and transparency obligation on the US government access to personal data of Europeans. For the first time during the development of the mechanism of the Privacy Shield, the US has provided written guarantees to EU on limitations and conditionings of US public authorities access to European data. US will consult and cooperate with the European data protection authorities and will have to commit that the possibilities under US law on access to public authorities of personal data transferred under the new framework created by “Privacy Shield” – will be subject to restrictions, conditioning and well-defined controls;
- effective protection of EU citizens’ rights, which have a variety of remedies. Any EU citizens whose personal data have been misused even under the Safe Harbour scheme will benefit several remedies available.
European Commission Vice President Andrus Ansip believes that “Privacy Shield” fully protects personal data of Europeans. Ansip also declared that this new mechanism contributes and has a very important role in strengthening the EU partnership with the US.
Also, Vera Jourova Justice Commissioner declared:
“The new EU-US Privacy Shield will protect the fundamental rights of Europeans when their personal data is transferred to U.S. companies. For the first time ever, the United States has given the EU binding assurances that the access of public authorities for national security purposes will be subject to clear limitations, safeguards and oversight mechanisms. Also for the first time, EU citizens will benefit from redress mechanisms in this area.[…] Remedies regarding security will be managed by an independent Ombudsman for US intelligence. It will be a new instrument specially provided for this arrangement. […] We have established an annual joint review in order to closely monitor the implementation of these commitments.[…]it will be a living mechanism that will constantly be reviewed to verify that it works well. […] The new arrangement amounts to the requirements of the European Court of Justice.”
The EU is currently working with the US in the preparation and establishment of a new framework, a new monitoring mechanism and a new Ombudsman.