The EU Commission has today published details on the ‘Privacy Shield’, a new programme to allow EU businesses to send personal data to the US without breaching EU data privacy law. The previous programme – the safe harbor – was struck down by the EU courts on the basis that the US government didn’t sufficiently protect data about EU citizens (for more information on that decision, click here). The Privacy Shield was agreed in early February (see here), but this is the first time we’ve seen details, including a draft ‘adequacy’ decision by the Commission. The text must now be considered by national data protection regulators – probably during March – before it can formally be adopted by the Commission.

Businesses that were previously using the safe harbor will want to get to grips with the Privacy Shield fairly quickly – although it’s widely expected that the Privacy Shield will come under a similar legal attack to the safe harbor. Alternative arrangements for sending data to the US, like model contract clauses and binding corporate rules, are still available – although even their status could come under scrutiny.

EU Commission press release, 29 February 2016

Letter from US FTC to the European Commission