Following the announcement by the European Commission of the newly agreed EU-US Privacy Shield, the missing piece of the jigsaw was the Article 29 Working Party’s stance on the adequacy of the existing mechanisms in place—in particular, standard contractual clauses and binding corporate rules. So after two days of intense discussions, the Working Party has issued a statement with its latest position, which is the follow up to their original reaction to the invalidation of Safe Harbor last October. The bottom line: the Working Party still does not view US government surveillance laws as sufficiently protective of privacy—a position which calls all transfers of personal data to the US in question, regardless of the methods used to legitimise the transfer—but they will reconsider this position in light of the Privacy Shield in the coming months.
The European Commission has announced an agreement today with the United States Department of Commerce to replace the invalidated Safe Harbor agreement on transatlantic data flows with a new EU-U.S. “Privacy Shield.” The Privacy Shield aims to address the requirements set out by the European Court of Justice in its Oct. 6, 2015 ruling by imposing stronger obligations on companies, providing stronger monitoring and enforcement by the DOC and Federal Trade Commission , and making commitments regarding access to information on the part of public authorities. In announcing the agreement, Vice-President Ansip noted his belief that the Privacy Shield will benefit both European businesses and citizens, and will prove to be a “much better” solution for transatlantic data flows.