As expected, the Commission has today published the documents that will constitute the EU-US Privacy Shield.
This framework of rules that U.S. companies will have to abide by will consist of (i) the “Privacy Principles”, issued by the U.S. Department of Commerce; and (ii) official representations and commitments by the U.S. Government. Further, the Commission has also published a draft “adequacy decision”, pursuant to which data flows to the U.S. generated by organisations included in the “Privacy Shield List” – and thereby committing to comply with the principles of the EU-US Privacy Shield – will be deemed to meet the “adequacy test” under European law.
However, those companies can be sanctioned and even excluded from such list if they do not comply with their commitments. The focus of the Privacy Shield is indeed placed on trust and effective enforcement of EU citizen’s right to privacy. The new framework also imposes clear safeguards and transparency obligations on U.S. government access. Vice-President Ansip declared: “Trust is a must, it is what will drive our digital future”.
The draft adequacy decision (on which the WP29 will soon give its opinion) can be found here.