Businesses like Facebook and Google can continue transferring data from users that reside in the European Union to their servers in the United States thanks to a new agreement between the European Commission and the US Department of Commerce.
This new pact is called Privacy Shield and is composed of a series of guidelines. The guidelines mandate how companies can transfer EU citizens’ personal information to the US. These protocols are meant to make data transfers compliant with EU privacy laws and will replace the Safe Harbor framework.
Safe Harbor was viewed invalid by the European Court of Justice in October 2015 after Edward Snowden leaked information about intelligence agency spying. In response to these concerns over surveillance, for the first time, American authorities will be subject to clear limitations, safeguards and oversight mechanisms in the new agreement, except for in necessary cases.
According to European justice, Safe Harbor did not guarantee a sufficient level of protection.
This new agreement has three main objectives: Robust Obligations for Companies’ Handling of EU Citizens’ Data, Clear Safeguards and Transparency Obligations for US Government Agency Access, and New Redress and Complain Resolution Mechanisms for EU Citizens.
As businesses become increasingly more global and more work is conducted online, the amount of user data that is transferred must be protected. For many, Privacy Shield is still insufficient for protecting user data but at least now that this agreement is in place, businesses will be aware of what is justified under EU law. This agreement will be reviewed annually by the EU and US to make sure this new system is working properly.