The EU-US privacy package revealed: a solid shield?
Further to the invalidation of the Safe Harbor by the European Court of Justice on 6 October 2015, the legal uncertainty on personal data transfers to the U.S. may - hopefully - come to an end in the near future.
Following the signature by President Obama of the Judicial Redress Act on 24 February 2016, the Commission revealed the EU - U.S. Privacy Shield package on 29 February. Like the invalidated Safe Harbor, the EU-U.S. Privacy Shield is based on a system of annual self-certification by which U.S. organisations commit to a set of privacy principles issued by the U.S. Department of Commerce ("Privacy Principles"). To validate the EU-U.S. Privacy Shield, the Commission has prepared a draft "adequacy-decision" to which the Privacy Principles are annexed as well as letters from various representatives of U.S. institutions.
This framework is presented by the Commission as final, yet will be subject to the following further validation steps: (i) first the Article 29 Working Party (WP 29 - the EU advisory body) will assess the documents in order to give its opinion on 13 April 2016, (ii) then the Member States will give their opinion in comitology and lastly, (iii) the "adequacy-decision" will be submitted for adoption to the College of Commissioners.
Please read more on this topic in our newsletter.