Most recent Update on data protection: EU-US Privacy Shield strongly supported by the member states of the European Union
On July 8th the member states of the European Union (‘the Article 31 Committee’) have given their strong support to the adoption of the EU-US Privacy Shield. The next step in the process will most likely be the formal adoption of the EU-US Privacy Shield.
Recap: EU-US Privacy Shield
In our earlier newsletters we informed you about the negotiations between the European Union and the United States in reaching an agreement on a data transfer pact to replace the invalidated Safe Harbour Principles. The EU-US Privacy Shield is meant to enable the adequately protected transfer of personal data for commercial purposes between the U.S. and the European Union. As per February 2nd of this year, the European Commission made public that the European Union and the United States had agreed upon a new data transfer framework: the “EU-US Privacy Shield”. On February 29th the European Commission published a draft adequacy decision along with the texts of the EU-US Privacy Shield (a general outline of which you can find in our earlier newsletter of this year regarding the EU-US Privacy Shield). An adequacy decision reflects the adopted position the European Commission takes regarding the level of personal data protection provided by a country outside the European Economic Area. The ‘Article 29 Working Party’, as requested, published its opinion regarding the EU-US Privacy Shield on April 14th (a general outline of which you can find in our earlier newsletter of this year regarding the EU-US Privacy Shield).
Practicalities once adopted
American organization will be able to participate by conducting a registration and annual self-certification procedure. Once registered such organizations will be periodically monitored and verified by the US Department of Commerce. A listing of all registered participants will be made available. In addition, the organizations will be required to display an easily accessible and readable privacy policy on its website in accordance with the principles of the EU-US Privacy Shield.
What to do in the mean time?
For the moment, businesses can still make use of substitute instruments (e.g. Binding Corporate Rules or Standard Contract Clauses). Relying on the Safe Harbour, however, is – since last October – no longer a legal option.
Status of the General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR will take effect on 25th of May of 2018 in all member states of the European Union without transposition having to take place into the 28 national laws.
I.M. Tempelman, 12 juli 2016
Contact
If you would like to know more about this matter or any other privacy issue, please contact mr. I.M. Tempelman.
Read more information as published by the European Commission on the Privacy Shield:
