Privacy Shield Agreement Approved

14 July 2016 | Jonathan Martin

This week the Privacy Shield Agreement was formally approved for data transfers between EU member states and the US.

As previously reported, Privacy Shield is the replacement for the former Safe Harbor Agreement, declared unlawful by the Court of Justice of the European Communities (CJEU) in October last year, since when EU based employers who transfer their employees’ data to the US have been in a legal limbo.

Privacy Shield was agreed in draft between the US Government and the EU Commission in February this year.  It provides increased protection for data relating to subjects of EU member states through:

  • a US ombudsman to handle complaints from EU citizens about Americans viewing their data without permission;
  • written commitments from the US Office of the Director of National Intelligence that EU citizens’ personal data will not be subject to mass surveillance;
  • a joint annual review to ensure that this new system is working properly;
  • EU data protection authorities to work with the Federal Trade Commission to address any flagged problems; and
  • companies being barred from making use of this process if they do not comply with privacy safeguards.

These proposals were initially rejected as inadequate by the EU working party dealing with data protection issues in February, particularly due to the perceived lack of independence of the Ombudsman and the continuing concerns over the possibility of mass surveillance of data.  It appears that further assurances from the US Office of the Director of National intelligence that EU citizens’ data would not be subject to mass surveillance, have now satisfied most, though not all, member states – representatives from Austria, Slovenia, Bulgaria and Croatia abstained from the vote, saying that they still had concerns that the text of Privacy Shield did not go far enough.

Now that it has been formally adopted, Privacy Shield  restores a legal means by which EU-based companies may transfer employee data to the US, provided that the US entity receiving the data has formally adopted it.  Adoption is not a legal obligation but, if the US entity cannot show it intends to abide by the terms of Privacy Shield, data transfers of EU subjects personal information to it will not be lawful.

David Widdowson, Partner at Abbiss Cadres commented on the Privacy Shield Agreement saying: “This is a major step forward after months of uncertainty and a two year negotiation period between the US and the EU. The EU Commission has now issued a “adequacy decision” to Member States which means that data transfers to the US under Privacy Shield are now lawful.”

Disclaimer

Content is for general information purposes only. The information provided is not intended to be comprehensive and it does not constitute or contain legal or other advice. If you require assistance in relation to any issue please seek specific advice relevant to your particular circumstances. In particular, no responsibility shall be accepted by the authors or by Abbiss Cadres LLP for any losses occasioned by reliance on any content appearing on or accessible from this article.

Circular 230 disclosure

To ensure compliance with requirements imposed by the IRS and other taxing authorities, we inform you that any tax advice contained in this article (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties that may be imposed on any taxpayer or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein.

The author

Jonathan Martin
Senior Consultant
Business Immigration
Global Mobility
D: +44 (0) 207 036 8397
T: +44 (0) 203 051 5711
F: +44 (0) 203 051 5712

Also by the author

12 August 2021
Guide to obtaining a Representative of an Overseas Business visa
20 July 2021
Immigration In The COVID-19 Lockdown In The UK
18 May 2021
How Changes to the Immigration System Could Affect Your Clients' Operations
Subscribe to our newsletter
Stay up to the minute on our latest news and insights?