A new framework for transatlantic data transfers: EU-US Privacy Shield
On 2 February 2016, an agreement was approved on the new legal framework for personal data transfers across the Atlantic. This agreement follows the Safe Harbour framework, a failed project that allowed a simplified system of personal data transfers from the EU to the US and that was, due to lack of privacy on the US side, invalidated by the judgement of the European Court of Justice of 6 October 2015.
Numerous businesses (particularly technology companies) that daily transfer personal data to be processed in the US were then for a transitional period forced to accept a stricter transfer framework. The Privacy Shield will again bring a simplified transfer regime, including the fact that the US will introduce more rigorous control mechanisms (annual certification of processors, publication of a privacy policy on a website, etc.) and that EU citizens will be entitled to submit their complaints to processors in the US. The agreement should be implemented in the weeks to come.