U.S. Secretary of Commerce Penny Pritzker released a statement regarding the historic agreement, noting that the “EU-US Privacy Shield is a tremendous victory for privacy, individuals, and businesses on both sides of the Atlantic.”
The EU-US Privacy Shield Framework (the “Framework”) was designed by the U.S. Department of Commerce (the “DOC”) and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.
The Framework provides robust and enforceable protections for the personal data of EU individuals, mandating transparency for participating companies, strong U.S. government oversight, and increased cooperation with EU data protection authorities. Offering EU individuals access to multiple avenues to address concerns regarding participants’ compliance and a free dispute resolution, the Framework makes it easier for EU individuals to understand and exercise their rights.
The European Commission proposed that the Framework be deemed adequate to enable data transfers under EU law, which is now in the approval process. Once an adequacy determination is made, the DOC will begin accepting certifications under the Framework. Similar to the certification process of the now invalid Safe Harbor, if a U.S. based-company wishes to join the Framework, it will be required to self-certify to the DOC and publicly commit to comply with the Framework’s requirements. While joining the Framework will be voluntary, once an eligible company certifies compliance, the commitment will become enforceable under U.S. law.
Read the fact-sheet about the EU-US Privacy Shield Framework here.
Read the full text of the EU-US Privacy Shield Framework here.