in a surprising turnaround, the factors who failed to agree to a replacement for the Safe Harbor/Safe Harbour agreement (Safe Harbour 2.0 misses the deadline boat) abandoned in October last year have, after a day’s rest, decided that they can agree after all, and delivered a new 'EU-US Privacy Shield’ agreement.
The new agreement, announced today places stronger obligations on the US to better protect the data of European citizens, and unlike Safe Harbor the shield will also be reviewed regularly to make sure it is still up to standard and meeting the needs of consumers and businesses.
"We have agreed on a new strong framework on data flows with the US," said Andrus Ansip, Vice President for the digital single market on the European Commission. "Our businesses, especially the smallest ones, have the legal certainty they need to develop their activities across the Atlantic."
Vera Jourova, Commissioner and part of the digital single market project team, added:
"The new EU-US Privacy Shield will protect the fundamental rights of Europeans when their personal data is transferred to U.S. companies. For the first time ever, the United States has given the EU binding assurances that the access of public authorities for national security purposes will be subject to clear limitations, safeguards and oversight mechanisms. Also for the first time, EU citizens will benefit from redress mechanisms in this area."
There are still areas that need to be finalised, both by the EU and the US, before the agreement can be fully put in place but this is expected to happen over the next few day with the agreement finalised in a few weeks.
Commenting on the decision, Mark Thompson, Privacy Practice Leader at KPMG, said: “A lot of global businesses will be breathing a sigh of relief today as a significant number of them didn’t take action to address the risk of Safe Harbor disappearing. The agreement is good news for companies as a number were clearly going to struggle from a financial and operational point of view with the uncertainty surrounding the movement of personal data.”
But Thompson warns businesses to not rest too easy, this is just one of a number of agreements coming through the pipeline, including the big GDPR (General Data Protection Regulation) due this year, “The privacy agreement has made big headlines, but it is essential for companies to build a sustainable and flexible privacy compliance environment, which allows them to respond to ongoing developments and leverage personal information in support of business activities. The new GDPR Regulation is on the horizon and organisations need to understand that this issue is one of many which they need to address in a pragmatic manner.”