According to reports, the European Union and the United States have agreed on changes to the EU-U.S. Privacy Shield (Privacy Shield) which will be sent to the EU member states and the college of the 28 EU commissioners ultimately paving the way for final approval early next month. “We have agreed on the changes and will be able to adopt it in early July,” said European Commission spokesman Christian Wigand.
Addressing many of the concerns expressed with the original draft of the Privacy Shield, the revisions include stricter rules for organizations which hold information on European citizens as well as clearer limits on U.S. surveillance. The revisions are also reported to include requirements for companies to delete personal data which no longer serves the purpose it was collected for as well as requirements for third party organizations processing data to guarantee the same level of protections as companies who have directly signed up under the Privacy Shield.
Once approved, the revised Privacy Shield will replace the invalidated EU-U.S. Safe Harbour and provide a way for organizations to transfer data across the Atlantic. Nevertheless, it is likely the Privacy Shield will face difficult tests in court requiring vigilance as organizations look to get back to the level of stability previously provided by the Safe Harbour for transatlantic transfers of data.
While the Privacy Shield remains pending, the European Commission has issued guidance on transatlantic data transfers.