As you may know, the EU Safe Harbor was invalidated, and the U.S. Department of Commerce and the EU have been working to develop a replacement program that would allow for the trans-border flow of personal data between the U.S. and the EU member states.
On July 12, 2016, they successfully passed the new program, called the EU-U.S. Privacy Shield, which goes into effect on August 1st.
According to the EU-U.S. Privacy Shield Fact Sheet, the framework was designed to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the U.S. in support of transatlantic commerce. It also imposes stronger obligations on U.S. companies to protect Europeans’ personal data. It reflects the requirements of the European Court of Justice, which ruled the previous Safe Harbor framework invalid.
The Privacy Shield requires the U.S. to monitor and enforce more robustly and to cooperate more with European Data Protection Authorities. It includes, for the first time, written commitments and assurance regarding access to data by public authorities.
In order to best understand the difference between the old and new framework, Bryan Cave LLP, a global law firm that serves clients in key business and financial markets, has prepared a side-by-side comparison of the invalidated Safe Harbor and the new Privacy Shield. The key areas covered in the comparison are:
- Onward transfers to controllers
- Onward transfers to service providers/sub-processing
- Data integrity
- Data subject’s enforcement ability
- Contracting party oversight
- Regulatory oversight
- Regulatory liability
To view the full comparison, click here.