The Privacy Shield on the transfer of personal data between the European Union and the United States has now been approved by the EU Member States opening new interesting scenarios.
The EU Member States declared their support to the Privacy Shield in a joint statement by the EU digital commissioner Andrus Ansip and justice commissioner Vera Jourová.
The troubled journey of the Privacy Shield
After the invalidation of the Safe Harbor program regulating the transfer of personal data between the European Union and the United States, a feeling of “panic” had arisen among US businesses operating in Europe. Companies started to urgently adopt the EU model clauses as an alternative to the Safe Harbor program, but also such approach was challenged by a German data protection authority and the Irish data protection authority even referred the EU model clauses to the European Court of Justice.
Also, once the draft Privacy Shield was published, it was criticized by the Article 29 Working Party that is body made of all the EU data protection authorities and by the Article 31 committee which includes representatives of all the EU Member States.
Is everything going to be back to normal now?
The European Commission is expected to adopt the decision on the Privacy Shield in the coming days. At that time the new rules will officially be adopted.
However, the Privacy Shield is not just a new name for the Safe Harbor. As outlined in my previous article, the new program on the transfer of personal data to the United States places much stronger obligations on US businesses that will soon also have to deal with the massive fines prescribed by the upcoming EU Privacy Regulation.
Additionally, we cannot exclude that the Privacy Shield might be challenged. And with the uncertainty around also the Binding Corporate Rules after the UK referendum on Brexit, a number of US companies are planning to restructure their group to limit the potential risk exposure.