On 10 December the Diari Oficial de la Unió Europea published the whole text in relation to the agreement the European Union and the United States came to on 12 July 2016 concerning the creation of a privacy shield between the two.[1]
According to the European Commission, this agreement will lead to a legal framework aimed at protecting the fundamental rights of any member of the EU whose personal data is transferred to the United States, and will provide judicial clarity for companies on transatlantic data transfers.
According to the vice president of the European Commission, Andrus Ansip, Europeans and Americans will have a solid framework to guarantee that such transfers are carried out in the best and most secure conditions.[2]
The EU−USA privacy shield is based on the following principles:
- Firm obligations for companies which work with data: The US Department of Commerce will update and regularly review participating companies, in order to guarantee that conditions they have subscribed to are being respected. If companies don’t adhere to this practice, they may be sanctioned or withdrawn from the list.
- Obligations concerning transparency and clear safeguards in relation to use by the North American administration: The United States has given the EU guarantees that access on the part of public authorities is subject to limitations, safeguards and clear supervising mechanisms in accordance with the law. Also, for the first time, anyone within the EU will be entitled to appeal.
- Effective protection of individual rights: Any citizen who feels that his / her data has been used incorrectly in the system will have access to a range of mechanisms in order to resolve feasible lawsuits. Individuals can also address their own country’s data protection authorities, which collaborate with the Federal Commission of Commerce to guarantee that the complaints of EU citizens are investigated and resolved. If a case is not resolved one way or another, an arbitration system is expected to be introduced as a last resort.
- Annual joint review mechanism: This mechanism will follow up the functioning of the privacy shield, including the commitments and guarantees related to access to data in relation to the application of the law or national security. The European Commission and the Department of Commerce of the United States will carry out the review and this process will involve national security experts from the United States and European data protection authorities. The Commission will present an annual public report to the European Parliament and the Union Council.
Since the presentation of the privacy shield project, the Commission has taken into consideration the reports drawn up by European data protection authorities, by the European Supervisor of data protection and by the European Parliament when including a series of additional clarifications and improvements. The European Commission and the United States agreed, in particular, to introduce additional clarifications about the gathering of data in block, to reinforce the mechanism of the ombudsman and introduce more explicit obligations for companies concerning the limits applied to storage and ulterior transfers.
[1] C/2016/4176 Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield (notified under document C(2016) 4176) (Text with EEA relevance). (2016). EU law and publications. [online] Disponible a: https://publications.europa.eu/en/publication-detail/-/publication/c183d956-57a6-11e6-89bd-01aa75ed71a1/language-en/format-PDFA1A/source-20824799 [Accés 14.12.2016].
[2] European Commission (2016). The European Commission applies the EU-USA security shield: more protection applied to the flow of transatlantic data. [on line] Available at: http://europa.eu/rapid/press-release_IP-16-2461_es.htm [Accés 13.12.2016].
_____
Aquest apunt en català / Esta entrada en español / Post en français