The EU-U.S. privacy package revealed : a solid Shield?
The legal uncertainty on personal data transfers to the U.S. caused by the invalidation of the Safe Harbor by the European Court of Justice on 6 October 2015, may - hopefully - come to an end in the near future.
Following the signature by President Obama of the Judicial Redress Act on 24 February 2016, the Commission revealed the EU - U.S. Privacy Shield package on 29 February 2016. Like the invalidated Safe Harbor, the EU-U.S.
Privacy Shield is based on a system of annual self-certification by which U.S. organisations commit to a set of privacy principles issued by the U.S. Department of Commerce («Privacy Principles»). To validate the EUU.S. Privacy Shield, the Commission has prepared a draft «adequacy-decision» to which the Privacy Principles are annexed as well as letters from various representatives of U.S. institutions.
This framework is built on four key points which will be subject to resistance tests within the next weeks. These tests will also determine the fate of the other transfer legitimization instruments (notably Standard Contractual Clauses (SCC) and Binding Corporate Rules (BCR)).
Source: Agefi - March 2016