Publication of Privacy Shield rules a ‘welcome step’
Lawyers have welcomed more information about the new regime governing the transfer of personal data between the EU and the US.
The rules on “Privacy Shield”, the replacement for the defunct “Safe Harbour”, have been published by the European Commission.
Vice-president Andrus Ansip said “both sides of the Atlantic work to ensure that the personal data of citizens will be fully protected and that we are fit for the opportunities of the digital age”.
He added: “Businesses are the ones that will implement the framework; we are now in contact on a daily basis to ensure the preparation is done in the best possible way.
“We will continue our efforts, within the EU and on the global stage, to strengthen confidence in the online world. Trust is a must, it is what will drive our digital future.”
Marie McGinley, partner and head of intellectual property, technology & data protection at Eversheds Ireland, told Irish Legal News: “The release of further information in relation to the new proposed EU-US Privacy Shield is a welcome step for transatlantic data flows.
“We have now been provided with further insight into the proposal, including how businesses can obtain certification and what commitments will be required by doing so.
“While the self-certification process may be similar to the process used for Safe Harbour, the new EU-US Privacy Shield self-certification process will need to be assessed annually.
“In addition, the process will involve higher standards to be met and greater oversight by the US Department of Commerce in relation to monitoring such self-certification. In addition, companies are required to deal with complaints from data subjects within 45 days and data subjects are afforded stronger redress mechanisms.”
“Written assurances have been provided by the US authorities in relation to surveillance, however, the degree to which that matches the requirements of the CJEU in the Schrems decision remains to be seen. The Article 29 Working Party will now consider the proposed EU-US Privacy Shield in order to determine whether it addresses the concerns raised by the CJEU in the Schrems decision.”