The European Commission on Monday published the legal texts underpinning a new data protection agreement with the United States that sets out the conditions according to which personal data on EU citizens can be held in computers on US soil.
The legal texts include a reform of EU Data protection rules, which apply to all companies providing services in the EU, an 'Umbrella Agreement' regarding transatlantic data transfers for law enforcement purposes, and a replacement of the old 'Safe Harbour' framework for commercial data transfers, known as the EU-US Privacy Shield.
The new rules aim to reassure Europeans that their data will be protected from indiscriminate snooping by American intelligence agencies and aim to bring to an end over two years of legal uncertainty for companies including US internet giants Google and Facebook.
Companies wishing to transfer personal data on EU citizens to the US will now face tighter rules about passing such data on to other companies and the US government has agreed to clear safeguards and transparency obligations concerning access by its intelligence agencies. Europeans will also have access to redress mechanisms including a free alternative dispute resolution mechanism and an independent 'Ombudsperson.'
Implementation of the agreement will also be subject to an annual review by the European Commission and the US Department of Commerce.
The legal texts will now be reviewed by European data protection authorities and a committee of experts from the EU Member States, while the consent of the European Parliament will also be sought on the Umbrella Agreement.
Links to the legal texts and accompanying documents can be found here http://europa.eu/rapid/press-release_IP-16-433_en.htm