U.S. and EU agree on a Privacy Shield, replacing the Safe Harbor Frame

U.S. and EU agree on a Privacy Shield, replacing the Safe Harbor Frame

The United States and the European Union have reached an agreement on the EU-U.S. Privacy Shield, replacing the Safe Harbor Framework.

U.S. Secretary of Commerce Penny Pritzker said in a statement that “this historic agreement is a major achievement for privacy and for businesses on both sides of the Atlantic. It provides certainty that will help grow the digital economy by ensuring that thousands of European and American businesses and millions of individuals can continue to access services online.”

U.S. Secretary of Commerce underscores that the deal demonstrates “our commitment to working together as leaders in the global economy, promoting our shared values, and bridging our differences where they exist”.

The EU-U.S. Privacy Shield significantly improves commercial oversight and enhances privacy protections.

The Privacy Shield strengthens cooperation between the Federal Trade Commission and EU Data Protection Authorities, providing independent, vigorous enforcement of the data protection requirements set forth in the Privacy Shield.

EU individuals will have access to multiple avenues to resolve concerns, including through alternative dispute resolution, now at no cost to the individual.
The Department of Commerce will step in directly and use best efforts to resolve referred complaints, including by dedicating a special team with significant new resources to supervise compliance with the Privacy Shield.

The Privacy Shield adds an important new avenue to supplement the others. Companies now will commit to participate in arbitration as a matter of last resort to ensure that EU individuals who still have concerns will have the opportunity to seek legal remedies.

The Privacy Shield embodies a renewed commitment to privacy by the U.S. and the EU, and to ensure it remains a living framework subject to active supervision, the Department of Commerce, the FTC, and EU DPAs will hold annual review meetings to discuss the functioning of and compliance with the Privacy Shield.

The Privacy Shield includes significant improvements to improve transparency regarding personal data use, strengthen the protections participants provide, and inform EU individuals more comprehensively about their rights under the program.

The Privacy Shield includes new contractual privacy protections and oversight for data transferred by participating companies to third parties or processed by those companies’ agents to improve accountability and ensure a continuity of protection.