The US and EU finalized a new Privacy Shield agreement to replace the recently invalidated Safe Harbour agreement concerning data privacy. The new program allows firms to begin self-certifying their compliance as of August 1st. As part of the agreement, the US Department of Commerce will begin conducting regular compliance reviews.
“We have worked hard with all our partners in Europe and in the US to get this deal right and to have it done as soon as possible,” Andrus Ansip, said vice president for the European Commission’s Digital Single Market initiative. “Data flows between our two continents are essential to our society and economy – we now have a robust framework ensuring these transfers take place in the best and safest conditions.”
The US government will also implement “clear limitations, safeguards and oversight mechanisms” concerning the handling of European data. Furthermore, The European Commission has assurances that bulk data collection would only be conducted “under specific preconditions and needs to be as targeted and focused as possible.”
A complaint mechanism is in place for Europeans which would be handled by the US Department of Commerce or the US Federal Trade Commission. Mechanisms also exist for an independent ombudsman where national security questions come into play.
While tech companies applauded the new agreement, European privacy advocates contend the deal still fails to protect European citizens.