eDiscovery Daily Blog
Europe and US Agree to Replace Safe Harbor with a Shield: eDiscovery Trends
While many of us were at LegalTech® New York 2016 last week, an important new framework for transatlantic data flows was agreed upon – the EU-US Privacy Shield.
As announced last Tuesday, the new framework is intended to protect the fundamental rights of Europeans where their data is transferred to the United States and ensure legal certainty for businesses.
According to the European Commission, the EU-US Privacy Shield reflects the requirements set out by the European Court of Justice (ECJ) in its ruling in the Schrems case last October 2015 (covered by us here), which declared the old Safe Harbor framework invalid. The new arrangement will provide stronger obligations on companies in the U.S. to protect the personal data of Europeans and stronger monitoring and enforcement by the U.S. Department of Commerce and Federal Trade Commission (FTC), including through increased cooperation with European Data Protection Authorities. The new arrangement includes commitments by the U.S. that possibilities under U.S. law for public authorities to access personal data transferred under the new arrangement will be subject to clear conditions, limitations and oversight, preventing generalized access. Europeans will have the possibility to raise any inquiry or complaint in this context with a dedicated new Ombudsperson.
The new agreement, which has yet to be published (and is apparently still “some” weeks out, according to an article in TechCrunch) will include provisions for “strong obligations on companies handling Europeans’ personal data and robust enforcement”, “clear safeguards and transparency obligations on U.S. government access” and “effective protection of EU citizens’ rights with several redress possibilities”. Next steps include preparation of a draft “adequacy decision” in the coming weeks, which could then be adopted by the College of Commissioners after obtaining the advice of the Article 29 Working Party and after consulting a committee composed of representatives of the Member States. In the meantime, the U.S. side will make the necessary preparations to put in place the new framework, monitoring mechanisms and new Ombudsman.
In the TechCrunch article, Schrems, whose legal action against Facebook ultimately brought down the original Safe Harbor, expressed skepticism the deal goes far enough to stand the test of another legal challenge at the ECJ, noting that the “Court has explicitly held, that any generalized access to such data violates the fundamental rights of EU citizens”.
So, what do you think? Will the new “Privacy Shield” hold? Or is it too soon to tell? Please share any comments you might have or if you’d like to know more about a particular topic.
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.