privacy shield_FOTO 1

Businesses like Facebook and Google can continue transferring data from users that reside in the European Union to their servers in the United States thanks to a new agreement between the European Commission and the US Department of Commerce.

This new pact is called Privacy Shield and is composed of a series of guidelines. The guidelines mandate how companies can transfer EU citizens’ personal information to the US. These protocols are meant to make data transfers  compliant with EU privacy laws and will replace the Safe Harbor framework.

Safe Harbor was viewed invalid by the European Court of Justice in October 2015 after Edward Snowden leaked information about intelligence agency spying. In response to these concerns over surveillance, for the first time, American authorities will be subject to clear limitations, safeguards and oversight mechanisms in the new agreement, except for in necessary cases.

According to European justice, Safe Harbor did not guarantee a sufficient level of protection.

privacy shield__FOTO 2This new agreement has three main objectives: Robust Obligations for Companies’ Handling of EU Citizens’ Data, Clear Safeguards and Transparency Obligations for US Government Agency Access, and New Redress and Complain Resolution Mechanisms for EU Citizens.

All companies that import personal data from Europe will have to commit to these obligations and self-certify annually that they meet the requirements which will be monitored by the US Department of Commerce. Additionally, all third party companies that share this user data must also follow this agreement. Companies will have to display the privacy policy on their website and they will have 45 days to respond to all complaints.

As businesses become increasingly more global and more work is conducted online, the amount of user data that is transferred must be protected. For many, Privacy Shield is still insufficient for protecting user data but at least now that this agreement is in place, businesses will be aware of what is justified under EU law. This agreement will be reviewed annually by the EU and US to make sure this new system is working properly.