The EU-US Privacy Shield agreement has finally been approved by governments across the European Union.
The adoption of the Privacy Shield will be welcomed by many large multinationals, such as Google and Facebook, which have been waiting for a suitable replacement for Safe Harbor since it was declared invalid in October 2015, when the European Court of Justice ruled that it failed to provide sufficient data privacy protection to EU citizens whose data was sent to the United States.
The EU Justice Commissioner, Věra Jourová, said: “The EU-U.S. Privacy Shield will ensure a high level of protection for individuals and legal certainty for business.
“It is fundamentally different from the old ‘Safe Harbour’: It imposes clear and strong obligations on companies handling the data and makes sure that these rules are followed and enforced in practice.
“For the first time, the U.S. has given the EU written assurance that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms and has ruled out indiscriminate mass surveillance of European citizens’ data.”
The Privacy Shield states that data stored in the US about EU citizens must be given “equivalent” protection by law to what it would receive if stored in the EU.
Substantial improvements to the original text have been introduced, such as stronger rules on data retention and onward transfers, and safeguards on access to data by public authorities, as well as the appointment of a US ombudsman who is independent from intelligence agencies.