03 Feb 2016

US and EU unveil successor to Safe Harbour

Negotiators from the European Commission and US State Department have ended ongoing regulatory uncertainty and clinched a new agreement for transatlantic data transfers, winning praise from business figures but scepticism from privacy advocates.

The new data protection agreement between the United States and European Union has been named 'Privacy Shield'. Andrey VP

Following the revelations of whistleblower Edward Snowden and mounting concerns about the privacy of personal data under corporate ownership, the European Court of Justice last year ruled the previous accord between the US and EU regarding transatlantic transfers of personal data invalid. As negotiators have attempted to flesh out a new deal over the last few months, many in the business community feared that the new rules might place unworkable regulatory roadblocks on companies, particularly tech firms, that operate in both Europe and the US. One day after the official deadline for negotiations expired, however, EU and US officials reached broad agreement on a new framework for protecting personal information.

New safeguards

The architects of the new framework have given the name ‘Privacy Shield’ to Safe Harbour’s successor. While additional checks and balances will be placed on US companies which store the private data of EU citizens, US firms will be able to continue storing such data on US servers in compliance with American, rather than European, privacy laws. However, Privacy Shield incorporates additional protections to help ensure that the personal data of European citizens is ‘shielded’ from US laws that allow for mass surveillance of personal data by government agencies. These include the creation of a new government ombudsman to handle the complaints of EU citizens concerned about the privacy of their personal data in the US, and written commitments from the US Office of the Director of National Intelligence that the data of European citizens will not be subject to mass surveillance. Businesses may also be barred from making use of the data transfer agreement if they fail to comply with privacy safeguards. 


While some have praised the deal for delivering businesses relative continuity with Safe Harbour, Privacy Shield has already drawn heavy criticism from privacy advocates. Campaigner Max Schrems has argued that, though the exact legal framework for Privacy Shield is still unknown, the deal shows disregard for the ECJ's ruling on Safe Harbour. 'The court has clearly stated that the US has to "ensure" proper protection by means of "domestic law or international committments",' he said. 'A couple of letters by the outgoing Obama administration is by no means a legal basis to guarantee the rights of 500 million European users in the long run.' Sources: BBC; Wall Street Journal