On Tuesday, July 12th, EU Justice Commissioner, Vera Jourova, and U.S. Secretary of Commerce, Penny Pritzker, presented the Privacy Shield, which replaces the Safe Harbor Agreement that the European Court of Justice (ECJ) invalidated in October 2015. Companies will be able to certify for the mechanism with the Department of Commerce from August 1.
The Privacy Shield will serve as one of the legal mechanisms under which companies can transfer personal data between the U.S. and EU. The new agreement introduces stronger obligation on companies handling personal data, clearer safeguards and transparency obligations on U.S. government access and better protections for individual rights. The aim is to reflect the requirements set out by the ECJ in its October 2015 ruling.
The Privacy Shield also introduces new redress mechanisms, which will apply to all transfer instruments, such as the Binding Corporate Rules (BCRs) that PayPal uses as a basis for transatlantic transfers of personal data. European citizens whose data is considered to have been misused under the Privacy Shield or our BCRs will have access to several accessible and affordable options, including those developed by the companies themselves and free-of-charge Alternative Dispute resolution solutions. Individuals will also be able to go to their national Data Protection Regulator, who will work with the U.S. Federal Trade Commission to ensure that complaints by EU citizens are investigated and resolved. The U.S. Secretary of State has furthermore established an Ombudsperson mechanism that Europeans have access to contest data gathering by national intelligence.