According to the Wall Street Journal, about 40 US companies have signed on to the US-EU “Privacy Shield” agreement, which had been introduced earlier this year to succeed the now-invalid Safe Harbor agreement. The Safe Harbor Act had been in place for decades, and it allowed the transfer and processing of data between servers in the US and Europe.
Back in October of 2015, The European Court of Justice invalidated the Safe Harbor agreement, as there was a perceived risk of US government spying on EU data. Because of this decision, US companies that were doing business at the time with Europe suddenly found themselves just hanging in a sense of legal limbo.
With the new arrangement that was worked out earlier this yer, there’s a range of imposed new safeguards for European data being processed on US servers:
US companies wishing to import personal data from Europe will need to commit to robust obligations on how personal data is processed and individual rights are guaranteed
- The US has given the EU assurances that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight
- Any European who believes their data has been misused under the new arrangement will have several redress possibilities
- There will be a dedicated new Ombudsperson role in the US State Department to address complaints from European privacy regulators on behalf of individuals.
The names of some of the companies that are now in compliance with the Privacy Shield rules were released by the US Commerce Department. These companies include Salesforce and Microsoft. There are, presumably, others, like Facebook and Google that will follow shortly. More than 200 applications were reportedly being processed by the Commerce Department.
Those companies that do business in Europe or with EU citizens (even indirectly) will either need to become certified under Privacy Shield, or else they need to make alternative arrangements to comply with European data protection rules.
Of course, there will be the possibility that the new Privacy Shield regime could be challenged in European courts by privacy skeptics who feel this new change isn’t going far enough to protect European data.