The “adequacy decision” for EU-US personal data transfers, drafted by the EU Commission, as well as the texts that will constitute the EU-US Privacy Shield have been published today. The EU Commission concludes that the United States ensures an adequate level of protection for personal data transferred under the EU-US Privacy Shield. The text will now be evaluated by the EU DPAs and the European Data Protection Supervisor before it can be formally adopted by the College (of EU Commissioners). EU DPAs are expected to give their view by the end of March.
Under the new system, EU citizens would have several redress possibilities. Any complaints received by companies would have to be resolved within 45 days. In addition to an Alternative Dispute Resolution mechanism, EU citizens could get assistance from their national Data Protection Authorities, who will work with the US Federal Trade Commission.
Enforcement of the programme would be a task for the Federal Trade Commission, but in some cases the EU DPAs’ arms would stretch over the Atlantic. US organisations would have to cooperate if a complaint has been made about Human Resources data collected in the context of an employment relationship. Companies could also voluntarily give oversight to the DPAs.
The programme would be administered by the US Department of Commerce, and participants would have to re-certify annually.
Organisations that have persistently failed to comply with the Privacy Principles would be removed from the Privacy Shield List and would have to return or delete the personal data received under the EU-US Privacy Shield.
There would be an annual review of the functioning of the Privacy Shield, and the Commission would issue a public report to the European Parliament and the Council. The EU DP Regulation expressly requires the Commission to periodically review, at least every four years, all of its adequacy decisions.
The deal would also make it possible to file complaints against US national intelligence activities. An Ombudsperson would be created within the Department of State, who will be independent from the national security services.
More to read: Click on this link – Privacy Shield