EU-US Data Shield replaces the invalid Safe Harbor Agreement
The European Commission and the United States have announced on February,2, 2016 that they have agreed on a new framework agreement with respect to the “transatlantic” transfer of personal data. This agreement, bearing the name “EU-US Data Shield”, should replace the Safe Harbour Agreement, which was declared invalid in October 2015 by the European Court of Justice in the notorious Schrems case.
At the moment the authorities have not yet published the text of the agreement. However, the European Commission has given some hints on its content by releasing a short press release (http://europa.eu/rapid/press-release_IP-16-216_en.htm). It seems that American companies will have to comply with stronger obligations when transferring data of European citizens, and will face stronger monitoring and enforcement by the American authorities, such as the US Department of Commerce and the Federal Trade Commission, for example, through the increased cooperation with European Authorities.
Furthermore, the United States have assured that the access to data of European citizens for national intelligence authorities (such as the NSA) will be limited by strict and clear safeguards and control mechanisms. For instance, data should only be accessible to the extent necessary and proportionate. Lastly, a new ombudsman function will be created as a contact point for complaints on possible access to data by national intelligence authorities.
The European authorities have in the meantime mandated Vice-President Ansip and Commissioner Jourovà to draft an “adequacy decision” on the agreement. After a written text is established, the member states will have to approve the agreement. It seems that the concrete implementation of the agreement will take a while, however The United States on their side have announced they will try to implement the agreement as soon as possible.