After months of negotiations, today the College of Commissioners formally adopted the EU-U.S. Privacy Shield (“Privacy Shield”). This is an encouraging development for the more than 4,400 U.S. companies that had previously relied on the U.S.-EU Safe Harbor framework and sought legal certainty regarding data transfers in its wake.
As we reported in a previous post, the Article 29 Working Party and European Parliament expressed concerns about a prior draft of the adequacy decision and recommended several key changes. After revisiting the negotiating table, the European Commission and U.S. Department of Commerce incorporated the Article 29 Working Party recommendations in a revised draft that the Article 31 Committee EU Member State representatives approved on Friday. Today’s formal adoption of the decision by the College of Commissioners was the final step in the Privacy Shield approval process.
European Commission Vice-President Ansip stated that the new framework will “protect the personal data of our people and provide clarity for businesses”. Nevertheless, Privacy Shield will likely face its first legal challenges rather quickly to determine whether it will stand up to the claims that brought down the Safe Harbor.
In the meantime, the Department of Commerce has issued guidance on how to join Privacy Shield for interested companies. Companies will be able to self-certify to the Department of Commerce on August 1, 2016.